
CVE-2014-0224 Detail

Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.


Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 7.4 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.

References to Advisories, Solutions, and Tools


Hyperlink Resource
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc Third Party Advisory 
http://ccsinjection.lepidum.co.jp Third Party Advisory 
http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html Third Party Advisory 
http://esupport.trendmicro.com/solution/en-US/1103813.aspx Third Party Advisory 
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 Not Applicable 
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 Not Applicable 
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217 Third Party Advisory 
http://linux.oracle.com/errata/ELSA-2014-1053.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory 
http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html Third Party Advisory 
http://marc.info/?l=bugtraq&m=140266410314613&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140317760000786&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140369637402535&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140386311427810&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140389274407904&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140389355508263&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140431828824371&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140448122410568&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140482916501310&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140491231331543&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140499864129699&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140544599631400&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140604261522465&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140621259019789&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140672208601650&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140752315422991&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140784085708882&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140794476212181&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140852757108392&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140852826008699&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140870499402361&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140904544427729&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=140983229106599&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141025641601169&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141147110427269&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141164638606214&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141383410222440&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141383465822787&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141658880509699&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142350350616251&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142546741516006&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142805027510172&w=2 Third Party Advisory 
http://puppetlabs.com/security/cve/cve-2014-0224 Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0624.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0626.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0627.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0630.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0631.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0632.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0633.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-0680.html Third Party Advisory 
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List  Third Party Advisory 
http://seclists.org/fulldisclosure/2014/Jun/38 Mailing List  Third Party Advisory 
http://secunia.com/advisories/58337 Third Party Advisory 
http://secunia.com/advisories/58433 Third Party Advisory 
http://secunia.com/advisories/58492 Third Party Advisory 
http://secunia.com/advisories/58615 Third Party Advisory 
http://secunia.com/advisories/58660 Third Party Advisory 
http://secunia.com/advisories/58667 Third Party Advisory 
http://secunia.com/advisories/58713 Third Party Advisory 
http://secunia.com/advisories/58714 Third Party Advisory 
http://secunia.com/advisories/58716 Third Party Advisory 
http://secunia.com/advisories/58719 Third Party Advisory 
http://secunia.com/advisories/58742 Third Party Advisory 
http://secunia.com/advisories/58945 Third Party Advisory 
http://secunia.com/advisories/58977 Third Party Advisory 
http://secunia.com/advisories/59004 Third Party Advisory 
http://secunia.com/advisories/59040 Third Party Advisory 
http://secunia.com/advisories/59093 Third Party Advisory 
http://secunia.com/advisories/59101 Third Party Advisory 
http://secunia.com/advisories/59132 Third Party Advisory 
http://secunia.com/advisories/59135 Third Party Advisory 
http://secunia.com/advisories/59142 Third Party Advisory 
http://secunia.com/advisories/59163 Third Party Advisory 
http://secunia.com/advisories/59167 Third Party Advisory 
http://secunia.com/advisories/59175 Third Party Advisory 
http://secunia.com/advisories/59186 Third Party Advisory 
http://secunia.com/advisories/59188 Third Party Advisory 
http://secunia.com/advisories/59189 Third Party Advisory 
http://secunia.com/advisories/59190 Third Party Advisory 
http://secunia.com/advisories/59192 Third Party Advisory 
http://secunia.com/advisories/59202 Third Party Advisory 
http://secunia.com/advisories/59211 Third Party Advisory 
http://secunia.com/advisories/59214 Third Party Advisory 
http://secunia.com/advisories/59215 Third Party Advisory 
http://secunia.com/advisories/59223 Third Party Advisory 
http://secunia.com/advisories/59231 Third Party Advisory 
http://secunia.com/advisories/59264 Third Party Advisory 
http://secunia.com/advisories/59282 Third Party Advisory 
http://secunia.com/advisories/59284 Third Party Advisory 
http://secunia.com/advisories/59287 Third Party Advisory 
http://secunia.com/advisories/59305 Third Party Advisory 
http://secunia.com/advisories/59306 Third Party Advisory 
http://secunia.com/advisories/59310 Third Party Advisory 
http://secunia.com/advisories/59338 Third Party Advisory 
http://secunia.com/advisories/59347 Third Party Advisory 
http://secunia.com/advisories/59362 Third Party Advisory 
http://secunia.com/advisories/59364 Third Party Advisory 
http://secunia.com/advisories/59365 Third Party Advisory 
http://secunia.com/advisories/59368 Third Party Advisory 
http://secunia.com/advisories/59374 Third Party Advisory 
http://secunia.com/advisories/59375 Third Party Advisory 
http://secunia.com/advisories/59380 Third Party Advisory 
http://secunia.com/advisories/59389 Third Party Advisory 
http://secunia.com/advisories/59429 Third Party Advisory 
http://secunia.com/advisories/59435 Third Party Advisory 
http://secunia.com/advisories/59437 Third Party Advisory 
http://secunia.com/advisories/59440 Third Party Advisory 
http://secunia.com/advisories/59441 Third Party Advisory 
http://secunia.com/advisories/59444 Third Party Advisory 
http://secunia.com/advisories/59445 Third Party Advisory 
http://secunia.com/advisories/59446 Third Party Advisory 
http://secunia.com/advisories/59447 Third Party Advisory 
http://secunia.com/advisories/59448 Third Party Advisory 
http://secunia.com/advisories/59449 Third Party Advisory 
http://secunia.com/advisories/59454 Third Party Advisory 
http://secunia.com/advisories/59460 Third Party Advisory 
http://secunia.com/advisories/59483 Third Party Advisory 
http://secunia.com/advisories/59502 Third Party Advisory 
http://secunia.com/advisories/59518 Third Party Advisory 
http://secunia.com/advisories/59525 Third Party Advisory 
http://secunia.com/advisories/59529 Third Party Advisory 
http://secunia.com/advisories/59661 Third Party Advisory 
http://secunia.com/advisories/59677 Third Party Advisory 
http://secunia.com/advisories/61254 Third Party Advisory 
http://security.gentoo.org/glsa/glsa-201407-05.xml Third Party Advisory 
http://support.apple.com/kb/HT6443 Third Party Advisory 
http://support.citrix.com/article/CTX140876 Third Party Advisory 
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html Third Party Advisory 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21675626 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21675821 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676071 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676333 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676334 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676478 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676496 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676501 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676529 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676536 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676615 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676644 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676786 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676833 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676845 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677080 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677131 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677390 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677567 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21677836 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21678233 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21678289 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037727 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037729 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037730 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037731 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037732 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037761 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24037870 Third Party Advisory 
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740 Third Party Advisory 
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 Third Party Advisory 
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 Third Party Advisory 
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 Third Party Advisory 
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 Third Party Advisory 
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737 Third Party Advisory 
http://www.blackberry.com/btsc/KB36051 Third Party Advisory 
http://www.f-secure.com/en/web/labs_global/fsc-2014-6 Third Party Advisory 
http://www.fortiguard.com/advisory/FG-IR-14-018/ Third Party Advisory 
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm Third Party Advisory 
http://www.ibm.com/support/docview.wss?uid=isg3T1020948 Broken Link 
http://www.ibm.com/support/docview.wss?uid=ssg1S1004678 Third Party Advisory 
http://www.ibm.com/support/docview.wss?uid=swg1IT02314 Third Party Advisory 
http://www.ibm.com/support/docview.wss?uid=swg21676356 Third Party Advisory 
http://www.ibm.com/support/docview.wss?uid=swg21676793 Broken Link 
http://www.ibm.com/support/docview.wss?uid=swg21676877 Third Party Advisory 
http://www.ibm.com/support/docview.wss?uid=swg24037783 Third Party Advisory 
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf Third Party Advisory 
http://www.kb.cert.org/vuls/id/978508 Third Party Advisory  US Government Resource 
http://www.kerio.com/support/kerio-control/release-history Third Party Advisory 
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105 Third Party Advisory 
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106 Third Party Advisory 
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 Third Party Advisory 
http://www.novell.com/support/kb/doc.php?id=7015264 Third Party Advisory 
http://www.novell.com/support/kb/doc.php?id=7015300 Third Party Advisory 
http://www.openssl.org/news/secadv_20140605.txt Vendor Advisory 
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch 
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch  Third Party Advisory 
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch  Third Party Advisory 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch  Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Third Party Advisory 
http://www.securityfocus.com/archive/1/534161/100/0/threaded Not Applicable  Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031032 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031594 Third Party Advisory  VDB Entry 
http://www.splunk.com/view/SP-CAAAM2D Third Party Advisory 
http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download Third Party Advisory 
http://www.vmware.com/security/advisories/VMSA-2014-0006.html Third Party Advisory 
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory 
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Third Party Advisory 
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E Third Party Advisory 
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E Third Party Advisory 
https://access.redhat.com/site/blogs/766093/posts/908133 Third Party Advisory 
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues Third Party Advisory 
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1 Third Party Advisory 
https://bugzilla.redhat.com/show_bug.cgi?id=1103586 Issue Tracking 
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf Third Party Advisory 
https://discussions.nessus.org/thread/7517 Third Party Advisory 
https://filezilla-project.org/versions.php?type=server Third Party Advisory 
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory 
https://kb.bluecoat.com/index?page=content&id=SA80 Third Party Advisory 
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 Third Party Advisory 
https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005 Broken Link 
https://www.ibm.com/support/docview.wss?uid=ssg1S1004670 Third Party Advisory 
https://www.ibm.com/support/docview.wss?uid=ssg1S1004671 Third Party Advisory 
https://www.imperialviolet.org/2014/06/05/earlyccs.html Exploit 
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf Third Party Advisory 
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf Third Party Advisory 
https://www.novell.com/support/kb/doc.php?id=7015271 Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-326 Inadequate Encryption Strength NIST

Change History

39 change records found

Quick Info

CVE Dictionary Entry: CVE-2014-0224
NVD Published Date: 06/05/2014
NVD Last Modified: 11/06/2023
Source: Red Hat, Inc.