差異處

這裏顯示兩個版本的差異處。

--- cve:cve-2014-0224 [2014/06/26 08:36] – jal
+++ cve:cve-2014-0224 [2014/06/26 11:07] (目前版本) – jal
@@ 行 1: / 行 1: @@
 ====== CVE-2014-0224 OpenSSL MITM ChangeCipherSpec (CCS) Injection flaw ======
+In additon, OpenSSL also regarding following seven vulnerabilities. Some of vendor had max tham to a "Security Advisories"
+^ CVE Number ^ CVSS base score ^ Description ^
+| [[http://www.cvedetails.com/cve/CVE-2014-0224|CVE-2014-0224]] | 6.8 | SSL/TLS MITM vulnerability |
+| [[http://www.cvedetails.com/cve/CVE-2014-0221|CVE-2014-0221]] | 4.3 | DTLS recursion flaw |
+| [[http://www.cvedetails.com/cve/CVE-2014-0195|CVE-2014-0195]] | 6.8 | DTLS invalid fragment vulnerability |
+| [[http://www.cvedetails.com/cve/CVE-2014-0198|CVE-2014-0198]] | 4.3 | SSL_MODE_RELEASE_BUFFERS NULL pointer dereference |
+| [[http://www.cvedetails.com/cve/CVE-2010-5298|CVE-2010-5298]] | 4.0 | SSL_MODE_RELEASE_BUFFERS session injection or denial of service |
+| [[http://www.cvedetails.com/cve/CVE-2014-3470|CVE-2014-3470]] | 4.3 | Anonymous ECDH denial of service |
+| [[http://www.cvedetails.com/cve/CVE-2014-0076|CVE-2014-0076]] | 4.3 | ECDSA nonce disclosure using side-channel attack |
 ===== About Networking Vendors =====
@@ 行 27: / 行 37: @@
 | TippingPoint | -- |  |  |
 | VMware | :!: Yes | [[http://www.vmware.com/security/advisories/VMSA-2014-0006.html|External link at VMware KB]] | 2014-06-10 |
-| Websense | :!: Yes | [[http://www.websense.com/support/article/kbarticle/OpenSSL-Man-in-the-Middle-Vulnerability-CVE-2014-0224|External link at Websense ]] | 2014-04-09 |
+| Websense | :!: Yes | [[http://www.websense.com/support/article/kbarticle/OpenSSL-Man-in-the-Middle-Vulnerability-CVE-2014-0224|External link at Websense ]] | 2014-06-12 |
 ===== Best Practices =====