Lucene search

[email protected]CVE-2014-4630

HistoryDec 30, 2014 - 3:59 p.m.

CVE-2014-4630

2014-12-3015:59:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2014-4630

emc

rsa

bsafe

micro edition suite

mes

ssl-j

tls

x.509 certificate

man-in-the-middle

triple handshake attack

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.1%

JSON

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.”

Affected configurations

NVD

Node

dellbsafe_micro-edition-suiteMatch4.0.0

dellbsafe_micro-edition-suiteMatch4.0.1

dellbsafe_micro-edition-suiteMatch4.0.2

dellbsafe_micro-edition-suiteMatch4.0.3

dellbsafe_micro-edition-suiteMatch4.0.4

dellbsafe_micro-edition-suiteMatch4.0.5

dellbsafe_ssl-jRange≤6.1.2

CPENameOperatorVersion
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suiteeq4.0.0
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suiteeq4.0.1
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suiteeq4.0.2
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suiteeq4.0.3
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suiteeq4.0.4
dell:bsafe_micro-edition-suitedell bsafe micro-edition-suiteeq4.0.5
dell:bsafe_ssl-jdell bsafe ssl-jle6.1.2

CPE	Name	Operator	Version
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	eq	4.0.0
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	eq	4.0.1
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	eq	4.0.2
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	eq	4.0.3
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	eq	4.0.4
dell:bsafe_micro-edition-suite	dell bsafe micro-edition-suite	eq	4.0.5
dell:bsafe_ssl-j	dell bsafe ssl-j	le	6.1.2

References

archives.neohapsis.com/archives/bugtraq/2014-12/0169.html

www.securityfocus.com/bid/72534

secure-resumption.com/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for CVE-2014-4630

securityvulns2 cvelist1 nvd1 prion1