Lucene search

Veracode Vulnerability DatabaseVERACODE:14770

HistoryMay 02, 2019 - 4:55 a.m.

Man-in-the-Middle (MitM)

2019-05-0204:55:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

java is vulnerable to man-in-the-middle (MitM). The vulnerability exists through a blockwise chosen-boundary attack (BCBA) on a HTTPS session.

CPENameOperatorVersion
java-1.6.0-ibmeq1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibmeq1.6.0.10.1__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.8.1__1jpp.2.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el4
java-1.6.0-ibmeq1.6.0.9.1__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.9.1__1jpp.1.el6
java-1.6.0-openjdkeq1.6.0.0__1.36.b17.el6_0
java-1.6.0-openjdkeq1.6.0.0__1.7.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.39.b17.el6_0

Name	Operator	Version
java-1.6.0-ibm	eq	1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibm	eq	1.6.0.10.1__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.4__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.8.1__1jpp.2.el5
java-1.6.0-ibm	eq	1.6.0.4__1jpp.1.el4
java-1.6.0-ibm	eq	1.6.0.9.1__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.9.1__1jpp.1.el6
java-1.6.0-openjdk	eq	1.6.0.0__1.36.b17.el6_0
java-1.6.0-openjdk	eq	1.6.0.0__1.7.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.39.b17.el6_0

Rows per page:

1-10 of 501

References

blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/

blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx

blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx

curl.haxx.se/docs/adv_20120124B.html

downloads.asterisk.org/pub/security/AST-2016-001.html

ekoparty.org/2011/juliano-rizzo.php

eprint.iacr.org/2004/111

eprint.iacr.org/2006/136

googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

isc.sans.edu/diary/SSL+TLS+part+3+/11635

lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.apple.com/archives/security-announce/2012/Jul/msg00001.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html

lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html

lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

marc.info/?l=bugtraq&m=132750579901589&w=2

marc.info/?l=bugtraq&m=132872385320240&w=2

marc.info/?l=bugtraq&m=133365109612558&w=2

marc.info/?l=bugtraq&m=133728004526190&w=2

marc.info/?l=bugtraq&m=134254866602253&w=2

marc.info/?l=bugtraq&m=134254957702612&w=2

my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue

osvdb.org/74829

rhn.redhat.com/errata/RHSA-2012-0508.html

rhn.redhat.com/errata/RHSA-2013-1455.html

secunia.com/advisories/45791

secunia.com/advisories/47998

secunia.com/advisories/48256

secunia.com/advisories/48692

secunia.com/advisories/48915

secunia.com/advisories/48948

secunia.com/advisories/49198

secunia.com/advisories/55322

secunia.com/advisories/55350

secunia.com/advisories/55351

security.gentoo.org/glsa/glsa-201203-02.xml

security.gentoo.org/glsa/glsa-201406-32.xml

support.apple.com/kb/HT4999

support.apple.com/kb/HT5001

support.apple.com/kb/HT5130

support.apple.com/kb/HT5281

support.apple.com/kb/HT5501

support.apple.com/kb/HT6150

technet.microsoft.com/security/advisory/2588513

vnhacker.blogspot.com/2011/09/beast.html

www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

www.debian.org/security/2012/dsa-2398

www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html

www.ibm.com/developerworks/java/jdk/alerts/

www.imperialviolet.org/2011/09/23/chromeandbeast.html

www.insecure.cl/Beast-SSL.rar

www.kb.cert.org/vuls/id/864643

www.mandriva.com/security/advisories?name=MDVSA-2012:058

www.opera.com/docs/changelogs/mac/1151/

www.opera.com/docs/changelogs/mac/1160/

www.opera.com/docs/changelogs/unix/1151/

www.opera.com/docs/changelogs/unix/1160/

www.opera.com/docs/changelogs/windows/1151/

www.opera.com/docs/changelogs/windows/1160/

www.opera.com/support/kb/view/1004/

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

www.redhat.com/support/errata/RHSA-2011-1384.html

www.redhat.com/support/errata/RHSA-2012-0006.html

www.securityfocus.com/bid/49388

www.securityfocus.com/bid/49778

www.securitytracker.com/id/1029190

www.securitytracker.com/id?1025997

www.securitytracker.com/id?1026103

www.securitytracker.com/id?1026704

www.ubuntu.com/usn/USN-1263-1

www.us-cert.gov/cas/techalerts/TA12-010A.html

access.redhat.com/security/updates/classification/#low

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

bugzilla.novell.com/show_bug.cgi?id=719047

bugzilla.redhat.com/show_bug.cgi?id=737506

bugzilla.redhat.com/show_bug.cgi?id=788606

cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

hermes.opensuse.org/messages/13154861

hermes.opensuse.org/messages/13155432

ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752

rhn.redhat.com/errata/RHSA-2013-1455.html

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:14770