CVE-2014-0224 in Oracle Tekelec HLR Router情報

要約 (英語)

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

予約する

2013年12月03日

公開

2014年06月05日

エントリ

VulDB provides additional information and datapoints for this CVE:

識別子脆弱性CWE悪用可対策CVE
108018Oracle Tekelec HLR Router OpenSSL 弱い暗号化310高い公式な修正CVE-2014-0224
92913Oracle Communications Policy Management OpenSSL 弱い暗号化310高い公式な修正CVE-2014-0224
92872Oracle Enterprise Session Border Controller OpenSSL 弱い暗号化310高い公式な修正CVE-2014-0224
92871Oracle Enterprise Communications Broker OpenSSL 弱い暗号化310高い公式な修正CVE-2014-0224
90011Oracle Financial Services Lending/Leasing Admin/setup 弱い暗号化310高い公式な修正CVE-2014-0224
68793Oracle VM VirtualBox Messages 弱い暗号化310高い公式な修正CVE-2014-0224
68785Oracle SPARC Enterprise M3000/M4000/M5000/M8000/M9000 XCP Firmware 弱い暗号化310高い公式な修正CVE-2014-0224
68784Oracle Integrated Lights Out Manager Messages 弱い暗号化310高い公式な修正CVE-2014-0224
68688Oracle Enterprise Manager Ops Center Networking 弱い暗号化310高い公式な修正CVE-2014-0224
68651Oracle Exalogic Infrastructure Network Infra 弱い暗号化310高い公式な修正CVE-2014-0224
67970Oracle MySQL Server Messages 弱い暗号化310高い公式な修正CVE-2014-0224
67948Oracle Fujitsu M10-1/Fujitsu M10-4/Fujitsu M10-4S XCP 弱い暗号化310高い公式な修正CVE-2014-0224
67871Oracle Endeca Information Discovery Studio Messages 弱い暗号化310高い公式な修正CVE-2014-0224
67658Apple Mac OS X Messages 弱い暗号化310高い公式な修正CVE-2014-0224
67145Oracle Secure Global Desktop 弱い暗号化310未定義公式な修正CVE-2014-0224
67095Oracle Applications Technology Stack IAS For App Technology 弱い暗号化310未定義公式な修正CVE-2014-0224
13452OpenSSL Handshake 弱い暗号化310高い公式な修正CVE-2014-0224

説明

CPE

CWE

CVSS

エクスプロイト

履歴

差分

リンクする

脅威インテリジェンス

API JSON

API XML

API CSV

概要

Want to stay up to date on a daily basis?

Enable the mail alert feature now!