CVE-2014-3511 in OpenSSLinfo

Zusammenfassung (Englisch)

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservieren

14.05.2014

Veröffentlichung

13.08.2014

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
67304	OpenSSL TLS 1.0 Message Fragmentation schwache Verschlüsselung	311	Nicht definiert	Offizieller Fix	CVE-2014-3511

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

MITRE
NVD
CVE Details

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!