Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2015-116.NASLHistoryFeb 09, 2015 - 12:00 a.m.
openSUSE Security Update : virtualbox (openSUSE-2015-116)
2015-02-0900:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
47
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.973
Percentile
99.9%
virtualbox was updated to version 4.2.28 to fix eight security issues.
These security issues were fixed :
-
OpenSSL fixes for VirtualBox (CVE-2014-0224)
-
Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447).
-
Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447).
-
Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447).
-
Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447).
-
Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447).
-
Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447).
-
Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447).
For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-116.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(81242);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-0224", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427");
script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2015-116)");
script_summary(english:"Check for the openSUSE-2015-116 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"virtualbox was updated to version 4.2.28 to fix eight security issues.
These security issues were fixed :
- OpenSSL fixes for VirtualBox (CVE-2014-0224)
- Unspecified vulnerability in the Oracle VM VirtualBox
prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local
users to affect availability via unknown vectors related
to Core, a different vulnerability than CVE-2015-0418
(CVE-2015-0377, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox
before 4.3.20 allows local users to affect integrity and
availability via vectors related to VMSVGA virtual
graphics device, a different vulnerability than
CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and
CVE-2015-0427 (CVE-2014-6595, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox
before 4.3.20 allows local users to affect integrity and
availability via vectors related to VMSVGA virtual
graphics device, a different vulnerability than
CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and
CVE-2015-0427 (CVE-2014-6588, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox
before 4.3.20 allows local users to affect integrity and
availability via vectors related to VMSVGA virtual
graphics device, a different vulnerability than
CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and
CVE-2015-0427 (CVE-2014-6589, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox
before 4.3.20 allows local users to affect integrity and
availability via vectors related to VMSVGA virtual
graphics device, a different vulnerability than
CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and
CVE-2015-0427 (CVE-2014-6590, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox
prior to 4.3.20 allows local users to affect integrity
and availability via vectors related to VMSVGA virtual
graphics device, a different vulnerability than
CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and
CVE-2014-6595 (CVE-2015-0427, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox
prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local
users to affect availability via unknown vectors related
to Core, a different vulnerability than CVE-2015-0377
(CVE-2015-0418, bnc#914447).
For the full changelog please read
https://www.virtualbox.org/wiki/Changelog-4.2"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=914447"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.virtualbox.org/wiki/Changelog-4.2"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected virtualbox packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-debuginfo-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debuginfo-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debugsource-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-devel-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-debuginfo-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-debuginfo-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-debuginfo-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-debuginfo-4.2.28-2.25.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-debuginfo-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debuginfo-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debugsource-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-devel-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-desktop-icons-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-debuginfo-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-debuginfo-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-debuginfo-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-4.3.20-7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-debuginfo-4.3.20-7.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0427
bugzilla.opensuse.org/show_bug.cgi?id=914447
www.virtualbox.org/wiki/Changelog-4.2
Related
openvas
openvas
Oracle Virtualbox Multiple Vulnerabilities (Feb 2015) - Linux
2015-02-02 00:00:00
Oracle Virtualbox Multiple Vulnerabilities (Feb 2015) - Windows
2015-02-02 00:00:00
Oracle Virtualbox Multiple Vulnerabilities (Feb 2015) - Mac OS X
2015-02-02 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 19:59:00
Design/Logic Flaw
2015-01-21 15:28:00
Design/Logic Flaw
2015-01-21 15:28:00
nvd
nvd
cve
cve
debiancve
debiancve
cvelist
cvelist
ubuntucve
ubuntucve
nessus
nessus
Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)
2015-01-22 00:00:00
GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)
2016-12-12 00:00:00
Debian DSA-3143-1 : virtualbox - security update
2015-01-29 00:00:00
gentoo
gentoo
VirtualBox: Multiple vulnerabilities
2016-12-11 00:00:00
osv
osv
virtualbox - security update
2015-01-28 00:00:00
python-virtualbox-5.1.10-2.5 on GA media
2024-06-15 00:00:00
virtualbox-ose - security update
2015-07-06 00:00:00
debian
debian
[SECURITY] [DSA 3143-1] virtualbox security update
2015-01-28 18:52:08
[SECURITY] [DLA 268-1] virtualbox-ose security update
2015-07-06 12:05:40
myhack58
myhack58
amazon
amazon
Important: openssl098e
2014-06-05 15:38:00
Important: openssl097a
2014-06-05 15:38:00
threatpost
threatpost
SSL Pulse Scans Quantify Vulnerable OpenSSL Servers
2014-06-13 14:05:55
New OpenSSL MITM Flaw Affects All Clients, Some Server Versions
2014-06-05 09:30:06
ibm
ibm
nodejsblog
nodejsblog
OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)
2014-06-16 00:00:00
centos
centos
openssl security update
2014-06-06 01:40:21
openssl097a, openssl098e security update
2014-06-05 13:21:51
cert
cert
OpenSSL is vulnerable to a man-in-the-middle attack
2014-06-05 00:00:00
arista
arista
Security Advisory 0005
2014-06-09 00:00:00
jvn
jvn
JVN#61247051: OpenSSL improper handling of Change Cipher Spec message
2014-06-06 00:00:00
thn
thn
Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw
2014-06-26 21:22:00
mariadbunix
mariadbunix
CVE-2014-0224
2014-06-05 21:55:07
packetstorm
packetstorm
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
2024-08-31 00:00:00
SSL Labs API Client
2024-08-31 00:00:00
metasploit
metasploit
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
2014-06-09 22:38:11
SSL Labs API Client
2015-03-27 11:34:11
hp
hp
kaspersky
kaspersky
KLA10266 OSI vulnerability in MySQL Workbench
2014-06-27 00:00:00
redhat
redhat
(RHSA-2014:0632) Important: Red Hat JBoss Web Server 2.0.1 openssl security update
2014-06-05 14:49:28
(RHSA-2014:0631) Important: Red Hat JBoss Enterprise Application Platform 6.2.3 security update
2014-06-05 15:19:06
(RHSA-2014:0626) Important: openssl097a and openssl098e security update
2014-06-05 00:00:00
hackerone
hackerone
Whisper: CVE-2014-0224 openssl ccs vulnerability
2015-03-11 04:42:02
paloalto
paloalto
OpenSSL Man-in-the-middle vulnerability
2014-06-09 07:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 08:52:44
Man-in-the-Middle (MitM)
2017-02-07 02:08:35
openssl
openssl
Vulnerability in OpenSSL - SSL/TLS MITM vulnerability
2014-06-05 00:00:00
f5
f5
SOL15325 - OpenSSL vulnerability CVE-2014-0224
2014-06-05 00:00:00
K15325 : OpenSSL vulnerability CVE-2014-0224
2015-10-15 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-06-11 00:00:00
openssl098e security update
2014-07-23 00:00:00
openssl security update
2014-06-05 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)
2014-06-09 00:00:00
checkpoint_security
checkpoint_security
SSL/TLS MITM vulnerability (CVE-2014-0224)
2014-06-05 21:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1h-alt1
2014-06-05 00:00:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.973
Percentile
99.9%
Related for OPENSUSE-2015-116.NASL