CVE-2014-0224
Published Jun 5, 2014
Last updated a year ago
Overview
- Description
- OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec (CCS) messages. A man-in-the-middle attacker can, via a crafted TLS handshake, trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information. This is known as the "CCS Injection" vulnerability.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-326
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA55B3F-13D6-4DB6-A215-544A4CB44144", "versionEndExcluding": "0.9.8za" }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126D6450-A9AC-4646-879E-3F53482AADD7", "versionEndExcluding": "1.0.0m", "versionStartIncluding": "1.0.0" }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B107973-BC4B-450F-A083-7C89DE05328B", "versionEndExcluding": "1.0.1h", "versionStartIncluding": "1.0.1" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6" }, { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABC1CA30-C6BE-411C-9EA1-D12B48B3556D" }, { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886" }, { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FD2879-A940-4EC7-9636-71E2A1ECFB36" }, { "criteria": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53C986BD-2D1F-4865-B16D-72FD875E3776" }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD" }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9" }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F" }, { "criteria": 
"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2C244C-82F6-49BC-B7F7-54AB989C43E8" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE46452-FB3D-4472-B5E8-867A925410F0", "versionEndExcluding": "0.9.45" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056484D7-6824-4D2C-9CB9-119E9F98AD9D", "versionEndExcluding": "2.0.2" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE6A8466-8A69-491B-8DAB-877A6C2F6660" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F9DB366-2F2A-4A24-95AA-1389E87563FE", "versionEndExcluding": "1.1.25" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "970C7CDA-4BFF-44EC-B26B-1BA5415DA01D" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "C7E99CFB-7509-4C84-862D-B95B9151AE19", "versionEndExcluding": "1.6" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BDF192C-15CD-4A0A-933C-50F61A578CB4" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E844A484-1DD6-4225-8634-8E722A42F7FD", "versionEndExcluding": "1.16.1" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFE77730-43FD-40A6-89C0-83EF6CC25F43" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "504AA794-4421-422D-A1C7-BB5AE334FD55", "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E972B9F-0AAD-4076-8B19-55161B67E6FD", "versionEndExcluding": "2.7.8", "versionStartIncluding": "2.7.0" }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77B49A11-B6B3-417A-8142-FA0967D4E684", "versionEndExcluding": "3.4.2", "versionStartIncluding": "3.4.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "650C774B-058F-4898-8E3F-3D65BD28BD2E", "versionEndExcluding": "0.10.29" } ], "operator": "OR" } ] } ]