Lucene search

K
seebugRootSSV:92577
HistoryDec 20, 2016 - 12:00 a.m.

OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)

2016-12-2000:00:00
Root
www.seebug.org
540

0.975 High

EPSS

Percentile

100.0%

OpenSSL is an open-source SSL implementation, used to implement the network communication of high-strength encryption, it is now widely used in various network applications.

OpenSSL 0.9.8 za, 1.0.0 m, 1.0.1 h prior version, does not properly handle ChangeCipherSpec messages, which allows the middle attack in certain OpenSSL-to-OpenSSL communications within the use of a zero-length master key, and then use a specially crafted TLS handshake to hijack a session and gain sensitive information.

OpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm

OpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm

OpenSSL “heartbleed” security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm

By OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm

  • Source: KIKUCHI Masashi

0.975 High

EPSS

Percentile

100.0%