Lucene search

PRIOn knowledge basePRION:CVE-2014-3568

HistoryOct 19, 2014 - 1:55 a.m.

Design/Logic Flaw

2014-10-1901:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

CPENameOperatorVersion
openssleq1.0.110
openssleq1.0.1 beta2
openssleq1.0.99
openssleq1.0.105
openssleq1.0.0 beta1
openssleq1.0.1104
openssleq1.0.0 beta2
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103

Name	Operator	Version
openssl	eq	1.0.110
openssl	eq	1.0.1 beta2
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.0 beta1
openssl	eq	1.0.1104
openssl	eq	1.0.0 beta2
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103

Rows per page:

1-10 of 341

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

secunia.com/advisories/59627

secunia.com/advisories/61058

secunia.com/advisories/61073

secunia.com/advisories/61130

secunia.com/advisories/61207

secunia.com/advisories/61819

secunia.com/advisories/61959

secunia.com/advisories/62030

secunia.com/advisories/62070

secunia.com/advisories/62124

security.gentoo.org/glsa/glsa-201412-39.xml

support.apple.com/HT204244

www-01.ibm.com/support/docview.wss?uid=swg21686997

www.debian.org/security/2014/dsa-3053

www.securityfocus.com/bid/70585

www.securitytracker.com/id/1031053

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

exchange.xforce.ibmcloud.com/vulnerabilities/97037

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

kc.mcafee.com/corporate/index?page=content&id=SB10091

marc.info/?l=bugtraq&m=141477196830952&w=2

marc.info/?l=bugtraq&m=142103967620673&w=2

marc.info/?l=bugtraq&m=142495837901899&w=2

marc.info/?l=bugtraq&m=142624590206005&w=2

marc.info/?l=bugtraq&m=142791032306609&w=2

marc.info/?l=bugtraq&m=142804214608580&w=2

marc.info/?l=bugtraq&m=143290437727362&w=2

marc.info/?l=bugtraq&m=143290522027658&w=2

support.apple.com/HT205217

support.citrix.com/article/CTX216642

www.openssl.org/news/secadv_20141015.txt