National Vulnerability Database

CVE-2014-0224 Detail

Current Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Source:  MITRE

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 7.4 HIGH
Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Hyperlink Resource
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc Third Party Advisory
http://ccsinjection.lepidum.co.jp Third Party Advisory
http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html Third Party Advisory
http://esupport.trendmicro.com/solution/en-US/1103813.aspx Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217 Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1053.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html Third Party Advisory
http://marc.info/?l=bugtraq&m=140266410314613&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140317760000786&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140369637402535&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140386311427810&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140389274407904&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140389355508263&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140431828824371&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140448122410568&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140482916501310&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140491231331543&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140499864129699&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140544599631400&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140604261522465&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140621259019789&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140672208601650&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140784085708882&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140794476212181&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140852757108392&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140852826008699&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140870499402361&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140904544427729&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140983229106599&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141025641601169&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141147110427269&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141164638606214&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141383410222440&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141383465822787&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141658880509699&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=142350350616251&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=142546741516006&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=142805027510172&w=2 Third Party Advisory
http://puppetlabs.com/security/cve/cve-2014-0224 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0624.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0626.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0627.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0630.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0631.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0632.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0633.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0680.html Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Jun/38 Mailing List Third Party Advisory
http://secunia.com/advisories/58337 Third Party Advisory
http://secunia.com/advisories/58433 Third Party Advisory
http://secunia.com/advisories/58492 Third Party Advisory
http://secunia.com/advisories/58615 Third Party Advisory
http://secunia.com/advisories/58660 Third Party Advisory
http://secunia.com/advisories/58667 Third Party Advisory
http://secunia.com/advisories/58713 Third Party Advisory
http://secunia.com/advisories/58714 Third Party Advisory
http://secunia.com/advisories/58716 Third Party Advisory
http://secunia.com/advisories/58719 Third Party Advisory
http://secunia.com/advisories/58742 Third Party Advisory
http://secunia.com/advisories/58945 Third Party Advisory
http://secunia.com/advisories/58977 Third Party Advisory
http://secunia.com/advisories/59004 Third Party Advisory
http://secunia.com/advisories/59040 Third Party Advisory
http://secunia.com/advisories/59093 Third Party Advisory
http://secunia.com/advisories/59101 Third Party Advisory
http://secunia.com/advisories/59132 Third Party Advisory
http://secunia.com/advisories/59135 Third Party Advisory
http://secunia.com/advisories/59142 Third Party Advisory
http://secunia.com/advisories/59163 Third Party Advisory
http://secunia.com/advisories/59167 Third Party Advisory
http://secunia.com/advisories/59175 Third Party Advisory
http://secunia.com/advisories/59186 Third Party Advisory
http://secunia.com/advisories/59188 Third Party Advisory
http://secunia.com/advisories/59189 Third Party Advisory
http://secunia.com/advisories/59190 Third Party Advisory
http://secunia.com/advisories/59192 Third Party Advisory
http://secunia.com/advisories/59202 Third Party Advisory
http://secunia.com/advisories/59211 Third Party Advisory
http://secunia.com/advisories/59214 Third Party Advisory
http://secunia.com/advisories/59215 Third Party Advisory
http://secunia.com/advisories/59223 Third Party Advisory
http://secunia.com/advisories/59231 Third Party Advisory
http://secunia.com/advisories/59264 Third Party Advisory
http://secunia.com/advisories/59282 Third Party Advisory
http://secunia.com/advisories/59284 Third Party Advisory
http://secunia.com/advisories/59287 Third Party Advisory
http://secunia.com/advisories/59305 Third Party Advisory
http://secunia.com/advisories/59306 Third Party Advisory
http://secunia.com/advisories/59310 Third Party Advisory
http://secunia.com/advisories/59338 Third Party Advisory
http://secunia.com/advisories/59347 Third Party Advisory
http://secunia.com/advisories/59362 Third Party Advisory
http://secunia.com/advisories/59364 Third Party Advisory
http://secunia.com/advisories/59365 Third Party Advisory
http://secunia.com/advisories/59368 Third Party Advisory
http://secunia.com/advisories/59374 Third Party Advisory
http://secunia.com/advisories/59375 Third Party Advisory
http://secunia.com/advisories/59380 Third Party Advisory
http://secunia.com/advisories/59389 Third Party Advisory
http://secunia.com/advisories/59429 Third Party Advisory
http://secunia.com/advisories/59435 Third Party Advisory
http://secunia.com/advisories/59437 Third Party Advisory
http://secunia.com/advisories/59440 Third Party Advisory
http://secunia.com/advisories/59441 Third Party Advisory
http://secunia.com/advisories/59444 Third Party Advisory
http://secunia.com/advisories/59445 Third Party Advisory
http://secunia.com/advisories/59446 Third Party Advisory
http://secunia.com/advisories/59447 Third Party Advisory
http://secunia.com/advisories/59448 Third Party Advisory
http://secunia.com/advisories/59449 Third Party Advisory
http://secunia.com/advisories/59454 Third Party Advisory
http://secunia.com/advisories/59460 Third Party Advisory
http://secunia.com/advisories/59483 Third Party Advisory
http://secunia.com/advisories/59502 Third Party Advisory
http://secunia.com/advisories/59518 Third Party Advisory
http://secunia.com/advisories/59525 Third Party Advisory
http://secunia.com/advisories/59529 Third Party Advisory
http://secunia.com/advisories/59661 Third Party Advisory
http://secunia.com/advisories/59677 Third Party Advisory
http://secunia.com/advisories/61254 Third Party Advisory
http://security.gentoo.org/glsa/glsa-201407-05.xml Third Party Advisory
http://support.apple.com/kb/HT6443 Third Party Advisory
http://support.citrix.com/article/CTX140876 Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl Third Party Advisory
http://www.blackberry.com/btsc/KB36051 Third Party Advisory
http://www.fortiguard.com/advisory/FG-IR-14-018/ Third Party Advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-6 Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=isg3T1020948 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1004678 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg1IT02314 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676793 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676877 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783 Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf Third Party Advisory
http://www.kb.cert.org/vuls/id/978508 Third Party Advisory US Government Resource
http://www.kerio.com/support/kerio-control/release-history Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015264 Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015300 Third Party Advisory
http://www.openssl.org/news/secadv_20140605.txt Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031032 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031594 Third Party Advisory VDB Entry
http://www.splunk.com/view/SP-CAAAM2D Third Party Advisory
http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675626 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675821 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676071 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676333 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676334 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676478 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676496 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676501 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676536 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676615 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676644 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676786 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676833 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676845 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677080 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677131 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677390 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677567 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678233 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678289 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037727 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037729 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037730 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037731 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037732 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037761 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037870 Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 Third Party Advisory
https://access.redhat.com/site/blogs/766093/posts/908133 Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1103586 Issue Tracking
https://discussions.nessus.org/thread/7517 Third Party Advisory
https://filezilla-project.org/versions.php?type=server Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441 Patch Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=ssg1S1004670 Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=ssg1S1004671 Third Party Advisory
https://www.imperialviolet.org/2014/06/05/earlyccs.html Exploit
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf Third Party Advisory
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf Third Party Advisory
https://www.novell.com/support/kb/doc.php?id=7015271 Third Party Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-310 Cryptographic Issues NIST  

Known Affected Software Configurations

Configuration 1
 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
     From (including) 1.0.0, up to (excluding) 1.0.0m

Configuration 2
 cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
 cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*
 cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
 cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*
 cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
 cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
 cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
 cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
 cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
 cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
 cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3
 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
     Up to (including) 0.9.8y

Configuration 4
 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
     From (including) 1.0.1, up to (excluding) 1.0.1h


Change History

30 change records found