Lucene search

Veracode Vulnerability DatabaseVERACODE:3483

HistoryFeb 07, 2017 - 2:08 a.m.

Man-in-the-Middle (MitM)

2017-02-0702:08:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.974 High

EPSS

Percentile

99.9%

JSON

OpenSSL is vulnerable to man in the middle (MitM) attacks. These attacks are possible because an attacker can force OpenSSL to use a zero-length master key. This allows attackers to hijack sessions and obtain sensitive information. This is also known as the “CCS Injection”.

CPENameOperatorVersion
opensslle1.0.1g
opensslle1.0.1g

CPE	Name	Operator	Version
	openssl	le	1.0.1g
	openssl	le	1.0.1g

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

ccsinjection.lepidum.co.jp

dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html

esupport.trendmicro.com/solution/en-US/1103813.aspx

kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

kb.juniper.net/InfoCenter/index?page=content&id=KB29195

kb.juniper.net/InfoCenter/index?page=content&id=KB29217

linux.oracle.com/errata/ELSA-2014-1053.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2015-02/msg00030.html

marc.info/?l=bugtraq&m=140266410314613&w=2

marc.info/?l=bugtraq&m=140317760000786&w=2

marc.info/?l=bugtraq&m=140369637402535&w=2

marc.info/?l=bugtraq&m=140386311427810&w=2

marc.info/?l=bugtraq&m=140389274407904&w=2

marc.info/?l=bugtraq&m=140389355508263&w=2

marc.info/?l=bugtraq&m=140431828824371&w=2

marc.info/?l=bugtraq&m=140448122410568&w=2

marc.info/?l=bugtraq&m=140482916501310&w=2

marc.info/?l=bugtraq&m=140491231331543&w=2

marc.info/?l=bugtraq&m=140499864129699&w=2

marc.info/?l=bugtraq&m=140544599631400&w=2

marc.info/?l=bugtraq&m=140604261522465&w=2

marc.info/?l=bugtraq&m=140621259019789&w=2

marc.info/?l=bugtraq&m=140672208601650&w=2

marc.info/?l=bugtraq&m=140752315422991&w=2

marc.info/?l=bugtraq&m=140784085708882&w=2

marc.info/?l=bugtraq&m=140794476212181&w=2

marc.info/?l=bugtraq&m=140852757108392&w=2

marc.info/?l=bugtraq&m=140852826008699&w=2

marc.info/?l=bugtraq&m=140870499402361&w=2

marc.info/?l=bugtraq&m=140904544427729&w=2

marc.info/?l=bugtraq&m=140983229106599&w=2

marc.info/?l=bugtraq&m=141025641601169&w=2

marc.info/?l=bugtraq&m=141147110427269&w=2

marc.info/?l=bugtraq&m=141164638606214&w=2

marc.info/?l=bugtraq&m=141383410222440&w=2

marc.info/?l=bugtraq&m=141383465822787&w=2

marc.info/?l=bugtraq&m=141658880509699&w=2

marc.info/?l=bugtraq&m=142350350616251&w=2

marc.info/?l=bugtraq&m=142546741516006&w=2

marc.info/?l=bugtraq&m=142805027510172&w=2

puppetlabs.com/security/cve/cve-2014-0224

rhn.redhat.com/errata/RHSA-2014-0624.html

rhn.redhat.com/errata/RHSA-2014-0626.html

rhn.redhat.com/errata/RHSA-2014-0627.html

rhn.redhat.com/errata/RHSA-2014-0630.html

rhn.redhat.com/errata/RHSA-2014-0631.html

rhn.redhat.com/errata/RHSA-2014-0632.html

rhn.redhat.com/errata/RHSA-2014-0633.html

rhn.redhat.com/errata/RHSA-2014-0680.html

seclists.org/fulldisclosure/2014/Dec/23

seclists.org/fulldisclosure/2014/Jun/38

secunia.com/advisories/58128

secunia.com/advisories/58337

secunia.com/advisories/58385

secunia.com/advisories/58433

secunia.com/advisories/58492

secunia.com/advisories/58579

secunia.com/advisories/58615

secunia.com/advisories/58639

secunia.com/advisories/58660

secunia.com/advisories/58667

secunia.com/advisories/58713

secunia.com/advisories/58714

secunia.com/advisories/58716

secunia.com/advisories/58719

secunia.com/advisories/58742

secunia.com/advisories/58743

secunia.com/advisories/58745

secunia.com/advisories/58759

secunia.com/advisories/58930

secunia.com/advisories/58939

secunia.com/advisories/58945

secunia.com/advisories/58977

secunia.com/advisories/59004

secunia.com/advisories/59012

secunia.com/advisories/59040

secunia.com/advisories/59043

secunia.com/advisories/59055

secunia.com/advisories/59063

secunia.com/advisories/59093

secunia.com/advisories/59101

secunia.com/advisories/59120

secunia.com/advisories/59126

secunia.com/advisories/59132

secunia.com/advisories/59135

secunia.com/advisories/59142

secunia.com/advisories/59162

secunia.com/advisories/59163

secunia.com/advisories/59167

secunia.com/advisories/59175

secunia.com/advisories/59186

secunia.com/advisories/59188

secunia.com/advisories/59189

secunia.com/advisories/59190

secunia.com/advisories/59191

secunia.com/advisories/59192

secunia.com/advisories/59202

secunia.com/advisories/59211

secunia.com/advisories/59214

secunia.com/advisories/59215

secunia.com/advisories/59223

secunia.com/advisories/59231

secunia.com/advisories/59264

secunia.com/advisories/59282

secunia.com/advisories/59284

secunia.com/advisories/59287

secunia.com/advisories/59300

secunia.com/advisories/59301

secunia.com/advisories/59305

secunia.com/advisories/59306

secunia.com/advisories/59310

secunia.com/advisories/59325

secunia.com/advisories/59338

secunia.com/advisories/59342

secunia.com/advisories/59347

secunia.com/advisories/59354

secunia.com/advisories/59362

secunia.com/advisories/59364

secunia.com/advisories/59365

secunia.com/advisories/59368

secunia.com/advisories/59370

secunia.com/advisories/59374

secunia.com/advisories/59375

secunia.com/advisories/59380

secunia.com/advisories/59383

secunia.com/advisories/59389

secunia.com/advisories/59413

secunia.com/advisories/59429

secunia.com/advisories/59435

secunia.com/advisories/59437

secunia.com/advisories/59438

secunia.com/advisories/59440

secunia.com/advisories/59441

secunia.com/advisories/59442

secunia.com/advisories/59444

secunia.com/advisories/59445

secunia.com/advisories/59446

secunia.com/advisories/59447

secunia.com/advisories/59448

secunia.com/advisories/59449

secunia.com/advisories/59450

secunia.com/advisories/59451

secunia.com/advisories/59454

secunia.com/advisories/59459

secunia.com/advisories/59460

secunia.com/advisories/59483

secunia.com/advisories/59490

secunia.com/advisories/59491

secunia.com/advisories/59495

secunia.com/advisories/59502

secunia.com/advisories/59506

secunia.com/advisories/59514

secunia.com/advisories/59518

secunia.com/advisories/59525

secunia.com/advisories/59528

secunia.com/advisories/59529

secunia.com/advisories/59530

secunia.com/advisories/59589

secunia.com/advisories/59602

secunia.com/advisories/59655

secunia.com/advisories/59659

secunia.com/advisories/59661

secunia.com/advisories/59666

secunia.com/advisories/59669

secunia.com/advisories/59677

secunia.com/advisories/59721

secunia.com/advisories/59784

secunia.com/advisories/59824

secunia.com/advisories/59827

secunia.com/advisories/59878

secunia.com/advisories/59885

secunia.com/advisories/59894

secunia.com/advisories/59916

secunia.com/advisories/59990

secunia.com/advisories/60049

secunia.com/advisories/60066

secunia.com/advisories/60176

secunia.com/advisories/60522

secunia.com/advisories/60567

secunia.com/advisories/60571

secunia.com/advisories/60577

secunia.com/advisories/60819

secunia.com/advisories/61254

secunia.com/advisories/61815

security.gentoo.org/glsa/glsa-201407-05.xml

support.apple.com/kb/HT6443

support.citrix.com/article/CTX140876

support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

www-01.ibm.com/support/docview.wss?uid=isg400001841

www-01.ibm.com/support/docview.wss?uid=isg400001843

www-01.ibm.com/support/docview.wss?uid=nas8N1020163

www-01.ibm.com/support/docview.wss?uid=nas8N1020172

www-01.ibm.com/support/docview.wss?uid=ssg1S1004690

www-01.ibm.com/support/docview.wss?uid=swg1IV61506

www-01.ibm.com/support/docview.wss?uid=swg21673137

www-01.ibm.com/support/docview.wss?uid=swg21675626

www-01.ibm.com/support/docview.wss?uid=swg21675821

www-01.ibm.com/support/docview.wss?uid=swg21676035

www-01.ibm.com/support/docview.wss?uid=swg21676062

www-01.ibm.com/support/docview.wss?uid=swg21676071

www-01.ibm.com/support/docview.wss?uid=swg21676333

www-01.ibm.com/support/docview.wss?uid=swg21676334

www-01.ibm.com/support/docview.wss?uid=swg21676419

www-01.ibm.com/support/docview.wss?uid=swg21676478

www-01.ibm.com/support/docview.wss?uid=swg21676496

www-01.ibm.com/support/docview.wss?uid=swg21676501

www-01.ibm.com/support/docview.wss?uid=swg21676529

www-01.ibm.com/support/docview.wss?uid=swg21676536

www-01.ibm.com/support/docview.wss?uid=swg21676615

www-01.ibm.com/support/docview.wss?uid=swg21676644

www-01.ibm.com/support/docview.wss?uid=swg21676655

www-01.ibm.com/support/docview.wss?uid=swg21676786

www-01.ibm.com/support/docview.wss?uid=swg21676833

www-01.ibm.com/support/docview.wss?uid=swg21676845

www-01.ibm.com/support/docview.wss?uid=swg21676879

www-01.ibm.com/support/docview.wss?uid=swg21676889

www-01.ibm.com/support/docview.wss?uid=swg21677080

www-01.ibm.com/support/docview.wss?uid=swg21677131

www-01.ibm.com/support/docview.wss?uid=swg21677390

www-01.ibm.com/support/docview.wss?uid=swg21677527

www-01.ibm.com/support/docview.wss?uid=swg21677567

www-01.ibm.com/support/docview.wss?uid=swg21677695

www-01.ibm.com/support/docview.wss?uid=swg21677828

www-01.ibm.com/support/docview.wss?uid=swg21677836

www-01.ibm.com/support/docview.wss?uid=swg21678167

www-01.ibm.com/support/docview.wss?uid=swg21678233

www-01.ibm.com/support/docview.wss?uid=swg21678289

www-01.ibm.com/support/docview.wss?uid=swg21683332

www-01.ibm.com/support/docview.wss?uid=swg24037727

www-01.ibm.com/support/docview.wss?uid=swg24037729

www-01.ibm.com/support/docview.wss?uid=swg24037730

www-01.ibm.com/support/docview.wss?uid=swg24037731

www-01.ibm.com/support/docview.wss?uid=swg24037732

www-01.ibm.com/support/docview.wss?uid=swg24037761

www-01.ibm.com/support/docview.wss?uid=swg24037870

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

www.blackberry.com/btsc/KB36051

www.f-secure.com/en/web/labs_global/fsc-2014-6

www.fortiguard.com/advisory/FG-IR-14-018/

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

www.ibm.com/support/docview.wss?uid=isg3T1020948

www.ibm.com/support/docview.wss?uid=ssg1S1004678

www.ibm.com/support/docview.wss?uid=swg1IT02314

www.ibm.com/support/docview.wss?uid=swg21676356

www.ibm.com/support/docview.wss?uid=swg21676793

www.ibm.com/support/docview.wss?uid=swg21676877

www.ibm.com/support/docview.wss?uid=swg24037783

www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

www.kb.cert.org/vuls/id/978508

www.kerio.com/support/kerio-control/release-history

www.mandriva.com/security/advisories?name=MDVSA-2014:105

www.mandriva.com/security/advisories?name=MDVSA-2014:106

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.novell.com/support/kb/doc.php?id=7015264

www.novell.com/support/kb/doc.php?id=7015300

www.openssl.org/news/secadv_20140605.txt

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securitytracker.com/id/1031032

www.securitytracker.com/id/1031594

www.splunk.com/view/SP-CAAAM2D

www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download

www.vmware.com/security/advisories/VMSA-2014-0006.html

www.vmware.com/security/advisories/VMSA-2014-0012.html

www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

access.redhat.com/site/blogs/766093/posts/908133

blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues

blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1

bugzilla.redhat.com/show_bug.cgi?id=1103586

cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf

discussions.nessus.org/thread/7517

filezilla-project.org/versions.php?type=server

git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

kb.bluecoat.com/index?page=content&id=SA80

kc.mcafee.com/corporate/index?page=content&id=SB10075

www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005

www.ibm.com/support/docview.wss?uid=ssg1S1004670

www.ibm.com/support/docview.wss?uid=ssg1S1004671

www.imperialviolet.org/2014/06/05/earlyccs.html

www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf

www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf

www.novell.com/support/kb/doc.php?id=7015271

www.openssl.org/news/secadv/20140605.txt