CVE-2014-4630

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
dellbsafe_micro-edition-suite
4.0.0
dellbsafe_micro-edition-suite
4.0.1
dellbsafe_micro-edition-suite
4.0.2
dellbsafe_micro-edition-suite
4.0.3
dellbsafe_micro-edition-suite
4.0.4
dellbsafe_micro-edition-suite
4.0.5
dellbsafe_ssl-j
𝑥
≤ 6.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html
http://www.securityfocus.com/bid/72534
https://secure-resumption.com/
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html
http://www.securityfocus.com/bid/72534
https://secure-resumption.com/