CVE-2014-0224 OpenSSL MITM ChangeCipherSpec (CCS) Injection flaw

In addition, the OpenSSL advisory also covers the following seven vulnerabilities. Some vendors have mixed them into a single “Security Advisories” notice.

| CVE Number | CVSS base score | Description |
|---|---|---|
| CVE-2014-0224 | 6.8 | SSL/TLS MITM vulnerability |
| CVE-2014-0221 | 4.3 | DTLS recursion flaw |
| CVE-2014-0195 | 6.8 | DTLS invalid fragment vulnerability |
| CVE-2014-0198 | 4.3 | SSL_MODE_RELEASE_BUFFERS NULL pointer dereference |
| CVE-2010-5298 | 4.0 | SSL_MODE_RELEASE_BUFFERS session injection or denial of service |
| CVE-2014-3470 | 4.3 | Anonymous ECDH denial of service |
| CVE-2014-0076 | 4.3 | ECDSA nonce disclosure using side-channel attack |

About Networking Vendors

| Vendor | Affected | Announcement | Announce Date |
|---|---|---|---|
| A10 | Yes | Link at A10 (login required) | 2014-06-05 |
| Arbor Networks | | | 2014-06-05 |
| Aruba Networks | Yes | External Document at Aruba Alert | 2014-06-06 |
| BlueCoat | Yes | External link at BlueCoat KB | 2014-06-06 |
| CheckPoint | No | External link at CheckPoint | 2014-06-06 |
| Cisco | Yes | External link at Cisco | 2014-06-05 |
| Enterasys (Part of Extreme) | | | |
| Extreme Networks | | | |
| F5 | Yes | External link at F5 | 2014-06-05 |
| FireEye | Yes | External link at FireEye | 2014-06-09 |
| Fortinet | Yes | External link at FortiGuard | 2014-06-06 |
| iMPERVA | Yes Only 10.5 | External link at iMPERVA (login required) | 2014-06-07 |
| Juniper | Yes | External link at Juniper KB | 2014-06-?? |
| McAfee | Yes | External link at McAfee | 2014-06-?? |
| NetAxle | | External link at NetAxle | |
| Palo Alto | Yes | External link at Palo Alto | 2014-06-09 |
| Ruckus Wireless | | External link at Ruckus Security | |
| Sourcefire (Part of Cisco) | | Check Cisco | |
| Splunk | Yes | External link at Splunk Answers | 2014-06-09 |
| VMware | Yes | External link at VMware KB | 2014-06-10 |
| Websense | Yes | External link at Websense | 2014-06-12 |

Best Practices

Further Reading

cve/cve-2014-0224.txt · Last modified: 2014/06/26 11:07 by jal