CVE-2014-0224
05.06.2014, 21:55
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 𝑥 < 0.9.8za |
| openssl | openssl | 1.0.0 ≤ 𝑥 < 1.0.0m |
| openssl | openssl | 1.0.1 ≤ 𝑥 < 1.0.1h |
| redhat | jboss_enterprise_application_platform | 5.2.0 |
| redhat | jboss_enterprise_application_platform | 6.2.3 |
| redhat | jboss_enterprise_web_platform | 5.2.0 |
| redhat | jboss_enterprise_web_server | 2.0.1 |
| redhat | storage | 2.1 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux | 6.0 |
| filezilla-project | filezilla_server | 𝑥 < 0.9.45 |
| siemens | application_processing_engine_firmware | 𝑥 < 2.0.2 |
| siemens | cp1543-1_firmware | 𝑥 < 1.1.25 |
| siemens | s7-1500_firmware | 𝑥 < 1.6 |
| siemens | rox_firmware | 𝑥 < 1.16.1 |
| mariadb | mariadb | 10.0.0 ≤ 𝑥 < 10.0.13 |
| python | python | 2.7.0 ≤ 𝑥 < 2.7.8 |
| python | python | 3.4.0 ≤ 𝑥 < 3.4.2 |
| nodejs | node.js | 𝑥 < 0.10.29 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| openssl |
| ||||||||
| openssl098 |
|
Common Weakness Enumeration