Lucene search

[email protected]NVD:CVE-2014-0625

HistoryFeb 18, 2014 - 12:55 a.m.

CVE-2014-0625

2014-02-1800:55:05

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

Affected configurations

NVD

Node

dellbsafe_ssl-jMatch5.1.2

dellbsafe_ssl-jMatch6.0

emcrsa_bsafe_ssl-jMatch5.0

emcrsa_bsafe_ssl-jMatch5.1.0

emcrsa_bsafe_ssl-jMatch5.1.1

emcrsa_bsafe_ssl-jMatch6.0.1

References

archives.neohapsis.com/archives/bugtraq/2014-02/0061.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for NVD:CVE-2014-0625

cve1 prion1 cvelist1 securityvulns2