CVE-2014-0224

MEDIUM

Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

http://ccsinjection.lepidum.co.jp

http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html

http://esupport.trendmicro.com/solution/en-US/1103813.aspx

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217

http://linux.oracle.com/errata/ELSA-2014-1053.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html

http://marc.info/?l=bugtraq&m=140266410314613&w=2

http://marc.info/?l=bugtraq&m=140317760000786&w=2

http://marc.info/?l=bugtraq&m=140369637402535&w=2

http://marc.info/?l=bugtraq&m=140386311427810&w=2

http://marc.info/?l=bugtraq&m=140389274407904&w=2

http://marc.info/?l=bugtraq&m=140389355508263&w=2

http://marc.info/?l=bugtraq&m=140431828824371&w=2

http://marc.info/?l=bugtraq&m=140448122410568&w=2

http://marc.info/?l=bugtraq&m=140482916501310&w=2

http://marc.info/?l=bugtraq&m=140491231331543&w=2

http://marc.info/?l=bugtraq&m=140499864129699&w=2

http://marc.info/?l=bugtraq&m=140544599631400&w=2

http://marc.info/?l=bugtraq&m=140604261522465&w=2

http://marc.info/?l=bugtraq&m=140621259019789&w=2

http://marc.info/?l=bugtraq&m=140672208601650&w=2

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://marc.info/?l=bugtraq&m=140784085708882&w=2

http://marc.info/?l=bugtraq&m=140794476212181&w=2

http://marc.info/?l=bugtraq&m=140852757108392&w=2

http://marc.info/?l=bugtraq&m=140852826008699&w=2

http://marc.info/?l=bugtraq&m=140870499402361&w=2

http://marc.info/?l=bugtraq&m=140904544427729&w=2

http://marc.info/?l=bugtraq&m=140983229106599&w=2

http://marc.info/?l=bugtraq&m=141025641601169&w=2

http://marc.info/?l=bugtraq&m=141147110427269&w=2

http://marc.info/?l=bugtraq&m=141164638606214&w=2

http://marc.info/?l=bugtraq&m=141383410222440&w=2

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://marc.info/?l=bugtraq&m=141658880509699&w=2

http://marc.info/?l=bugtraq&m=142350350616251&w=2

http://marc.info/?l=bugtraq&m=142546741516006&w=2

http://marc.info/?l=bugtraq&m=142805027510172&w=2

http://puppetlabs.com/security/cve/cve-2014-0224

http://rhn.redhat.com/errata/RHSA-2014-0624.html

http://rhn.redhat.com/errata/RHSA-2014-0626.html

http://rhn.redhat.com/errata/RHSA-2014-0627.html

http://rhn.redhat.com/errata/RHSA-2014-0630.html

http://rhn.redhat.com/errata/RHSA-2014-0631.html

http://rhn.redhat.com/errata/RHSA-2014-0632.html

http://rhn.redhat.com/errata/RHSA-2014-0633.html

http://rhn.redhat.com/errata/RHSA-2014-0680.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://seclists.org/fulldisclosure/2014/Jun/38

http://secunia.com/advisories/58128

http://secunia.com/advisories/58337

http://secunia.com/advisories/58385

http://secunia.com/advisories/58433

http://secunia.com/advisories/58492

http://secunia.com/advisories/58579

http://secunia.com/advisories/58615

http://secunia.com/advisories/58639

http://secunia.com/advisories/58660

http://secunia.com/advisories/58667

http://secunia.com/advisories/58713

http://secunia.com/advisories/58714

http://secunia.com/advisories/58716

http://secunia.com/advisories/58719

http://secunia.com/advisories/58742

http://secunia.com/advisories/58743

http://secunia.com/advisories/58745

http://secunia.com/advisories/58759

http://secunia.com/advisories/58930

http://secunia.com/advisories/58939

http://secunia.com/advisories/58945

http://secunia.com/advisories/58977

http://secunia.com/advisories/59004

http://secunia.com/advisories/59012

http://secunia.com/advisories/59040

http://secunia.com/advisories/59043

http://secunia.com/advisories/59055

http://secunia.com/advisories/59063

http://secunia.com/advisories/59093

http://secunia.com/advisories/59101

http://secunia.com/advisories/59120

http://secunia.com/advisories/59126

http://secunia.com/advisories/59132

http://secunia.com/advisories/59135

http://secunia.com/advisories/59142

http://secunia.com/advisories/59162

http://secunia.com/advisories/59163

http://secunia.com/advisories/59167

http://secunia.com/advisories/59175

http://secunia.com/advisories/59186

http://secunia.com/advisories/59188

http://secunia.com/advisories/59189

http://secunia.com/advisories/59190

http://secunia.com/advisories/59191

http://secunia.com/advisories/59192

http://secunia.com/advisories/59202

http://secunia.com/advisories/59211

http://secunia.com/advisories/59214

http://secunia.com/advisories/59215

http://secunia.com/advisories/59223

http://secunia.com/advisories/59231

http://secunia.com/advisories/59264

http://secunia.com/advisories/59282

http://secunia.com/advisories/59284

http://secunia.com/advisories/59287

http://secunia.com/advisories/59300

http://secunia.com/advisories/59301

http://secunia.com/advisories/59305

http://secunia.com/advisories/59306

http://secunia.com/advisories/59310

http://secunia.com/advisories/59325

http://secunia.com/advisories/59338

http://secunia.com/advisories/59342

http://secunia.com/advisories/59347

http://secunia.com/advisories/59354

http://secunia.com/advisories/59362

http://secunia.com/advisories/59364

http://secunia.com/advisories/59365

http://secunia.com/advisories/59368

http://secunia.com/advisories/59370

http://secunia.com/advisories/59374

http://secunia.com/advisories/59375

http://secunia.com/advisories/59380

http://secunia.com/advisories/59383

http://secunia.com/advisories/59389

http://secunia.com/advisories/59413

http://secunia.com/advisories/59429

http://secunia.com/advisories/59435

http://secunia.com/advisories/59437

http://secunia.com/advisories/59438

http://secunia.com/advisories/59440

http://secunia.com/advisories/59441

http://secunia.com/advisories/59442

http://secunia.com/advisories/59444

http://secunia.com/advisories/59445

http://secunia.com/advisories/59446

http://secunia.com/advisories/59447

http://secunia.com/advisories/59448

http://secunia.com/advisories/59449

http://secunia.com/advisories/59450

http://secunia.com/advisories/59451

http://secunia.com/advisories/59454

http://secunia.com/advisories/59459

http://secunia.com/advisories/59460

http://secunia.com/advisories/59483

http://secunia.com/advisories/59490

http://secunia.com/advisories/59491

http://secunia.com/advisories/59495

http://secunia.com/advisories/59502

http://secunia.com/advisories/59506

http://secunia.com/advisories/59514

http://secunia.com/advisories/59518

http://secunia.com/advisories/59525

http://secunia.com/advisories/59528

http://secunia.com/advisories/59529

http://secunia.com/advisories/59530

http://secunia.com/advisories/59589

http://secunia.com/advisories/59602

http://secunia.com/advisories/59655

http://secunia.com/advisories/59659

http://secunia.com/advisories/59661

http://secunia.com/advisories/59666

http://secunia.com/advisories/59669

http://secunia.com/advisories/59677

http://secunia.com/advisories/59721

http://secunia.com/advisories/59784

http://secunia.com/advisories/59824

http://secunia.com/advisories/59827

http://secunia.com/advisories/59878

http://secunia.com/advisories/59885

http://secunia.com/advisories/59894

http://secunia.com/advisories/59916

http://secunia.com/advisories/59990

http://secunia.com/advisories/60049

http://secunia.com/advisories/60066

http://secunia.com/advisories/60176

http://secunia.com/advisories/60522

http://secunia.com/advisories/60567

http://secunia.com/advisories/60571

http://secunia.com/advisories/60577

http://secunia.com/advisories/60819

http://secunia.com/advisories/61254

http://secunia.com/advisories/61815

http://security.gentoo.org/glsa/glsa-201407-05.xml

http://support.apple.com/kb/HT6443

http://support.citrix.com/article/CTX140876

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

http://www.blackberry.com/btsc/KB36051

http://www.fortiguard.com/advisory/FG-IR-14-018/

http://www.f-secure.com/en/web/labs_global/fsc-2014-6

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

http://www.ibm.com/support/docview.wss?uid=isg3T1020948

http://www.ibm.com/support/docview.wss?uid=ssg1S1004678

http://www.ibm.com/support/docview.wss?uid=swg1IT02314

http://www.ibm.com/support/docview.wss?uid=swg21676356

http://www.ibm.com/support/docview.wss?uid=swg21676793

http://www.ibm.com/support/docview.wss?uid=swg21676877

http://www.ibm.com/support/docview.wss?uid=swg24037783

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

http://www.kb.cert.org/vuls/id/978508

http://www.kerio.com/support/kerio-control/release-history

http://www.mandriva.com/security/advisories?name=MDVSA-2014:105

http://www.mandriva.com/security/advisories?name=MDVSA-2014:106

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.novell.com/support/kb/doc.php?id=7015264

http://www.novell.com/support/kb/doc.php?id=7015300

http://www.openssl.org/news/secadv_20140605.txt

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securitytracker.com/id/1031032

http://www.securitytracker.com/id/1031594

http://www.splunk.com/view/SP-CAAAM2D

http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

http://www-01.ibm.com/support/docview.wss?uid=swg21675626

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

http://www-01.ibm.com/support/docview.wss?uid=swg21676333

http://www-01.ibm.com/support/docview.wss?uid=swg21676334

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

http://www-01.ibm.com/support/docview.wss?uid=swg21676478

http://www-01.ibm.com/support/docview.wss?uid=swg21676496

http://www-01.ibm.com/support/docview.wss?uid=swg21676501

http://www-01.ibm.com/support/docview.wss?uid=swg21676529

http://www-01.ibm.com/support/docview.wss?uid=swg21676536

http://www-01.ibm.com/support/docview.wss?uid=swg21676615

http://www-01.ibm.com/support/docview.wss?uid=swg21676644

http://www-01.ibm.com/support/docview.wss?uid=swg21676655

http://www-01.ibm.com/support/docview.wss?uid=swg21676786

http://www-01.ibm.com/support/docview.wss?uid=swg21676833

http://www-01.ibm.com/support/docview.wss?uid=swg21676845

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

http://www-01.ibm.com/support/docview.wss?uid=swg21677080

http://www-01.ibm.com/support/docview.wss?uid=swg21677131

http://www-01.ibm.com/support/docview.wss?uid=swg21677390

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

http://www-01.ibm.com/support/docview.wss?uid=swg21677567

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

http://www-01.ibm.com/support/docview.wss?uid=swg21677836

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

http://www-01.ibm.com/support/docview.wss?uid=swg21678233

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

http://www-01.ibm.com/support/docview.wss?uid=swg24037727

http://www-01.ibm.com/support/docview.wss?uid=swg24037729

http://www-01.ibm.com/support/docview.wss?uid=swg24037730

http://www-01.ibm.com/support/docview.wss?uid=swg24037731

http://www-01.ibm.com/support/docview.wss?uid=swg24037732

http://www-01.ibm.com/support/docview.wss?uid=swg24037761

http://www-01.ibm.com/support/docview.wss?uid=swg24037870

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

https://access.redhat.com/site/blogs/766093/posts/908133

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1

https://bugzilla.redhat.com/show_bug.cgi?id=1103586

https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf

https://discussions.nessus.org/thread/7517

https://filezilla-project.org/versions.php?type=server

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

https://kb.bluecoat.com/index?page=content&id=SA80

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

https://www.ibm.com/support/docview.wss?uid=ssg1S1004670

https://www.ibm.com/support/docview.wss?uid=ssg1S1004671

https://www.imperialviolet.org/2014/06/05/earlyccs.html

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf

https://www.novell.com/support/kb/doc.php?id=7015271

Details

Source: MITRE

Published: 2014-06-05

Updated: 2020-07-28

Type: CWE-326

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

View all (153 total)

IDNameProductFamilySeverity
129359MariaDB 10.0.0 < 10.0.13 Multiple VulnerabilitiesNessusDatabases
medium
124999EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)NessusHuawei Local Security Checks
medium
108515pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 )NessusFirewalls
medium
89651openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)NessusSuSE Local Security Checks
critical
88991Cisco NX-OS OpenSSL Multiple VulnerabilitiesNessusCISCO
high
88990Cisco IOS XR OpenSSL Security Bypass (CSCup22654)NessusCISCO
medium
88989Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)NessusCISCO
medium
88988Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)NessusCISCO
medium
87678VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
86710Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA)NessusMisc.
medium
83716SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)NessusSuSE Local Security Checks
high
82428SuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)NessusSuSE Local Security Checks
high
82315Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)NessusMandriva Local Security Checks
high
81649Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)NessusWeb Servers
high
81242openSUSE Security Update : virtualbox (openSUSE-2015-116)NessusSuSE Local Security Checks
medium
80915Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)NessusWindows
medium
80799Oracle Solaris Third-Party Patch Update : wanboot (cve_2014_0224_cryptographic_issues)NessusSolaris Local Security Checks
medium
80723Oracle Solaris Third-Party Patch Update : openssl (cve_2014_0224_cryptographic_issues1)NessusSolaris Local Security Checks
medium
80322Fedora 20 : mingw-openssl-1.0.1j-1.fc20 (2014-17587) (POODLE)NessusFedora Local Security Checks
high
80319Fedora 21 : mingw-openssl-1.0.1j-1.fc21 (2014-17576) (POODLE)NessusFedora Local Security Checks
high
80197Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)NessusJunos Local Security Checks
high
79738SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)NessusSuSE Local Security Checks
medium
79555OracleVM 2.2 : openssl (OVMSA-2014-0040) (POODLE)NessusOracleVM Local Security Checks
medium
79554OracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)NessusOracleVM Local Security Checks
medium
79547OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)NessusOracleVM Local Security Checks
high
79532OracleVM 3.2 : onpenssl (OVMSA-2014-0008)NessusOracleVM Local Security Checks
critical
79531OracleVM 2.2 : openssl (OVMSA-2014-0007)NessusOracleVM Local Security Checks
critical
79335IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security BypassNessusWeb Servers
medium
79027RHEL 6 : rhev-hypervisor6 (RHSA-2014:0629)NessusRed Hat Local Security Checks
medium
79026RHEL 6 : Storage Server (RHSA-2014:0628)NessusRed Hat Local Security Checks
high
79025RHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)NessusRed Hat Local Security Checks
medium
78603Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)NessusCGI abuses
high
78586Palo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitMNessusPalo Alto Local Security Checks
medium
78294Amazon Linux AMI : openssl097a (ALAS-2014-351)NessusAmazon Linux Local Security Checks
medium
78293Amazon Linux AMI : openssl098e (ALAS-2014-350)NessusAmazon Linux Local Security Checks
medium
78292Amazon Linux AMI : openssl (ALAS-2014-349)NessusAmazon Linux Local Security Checks
high
78174F5 Networks BIG-IP : OpenSSL vulnerability (K15325)NessusF5 Networks Local Security Checks
medium
78111HP OfficeJet Printer Security Bypass (HPSBPI03107)NessusWeb Servers
medium
78110HP Printers Security Bypass (HPSBPI03107)NessusMisc.
medium
78024VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
8394Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)Nessus Network MonitorWeb Clients
critical
77749Mac OS X Multiple Vulnerabilities (Security Update 2014-004)NessusMacOS X Local Security Checks
critical
77748Mac OS X 10.9.x < 10.9.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
8386Oracle MySQL 5.5.x < 5.5.39 / 5.6.x < 5.6.20 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
77670MySQL 5.6.x < 5.6.20 Multiple Vulnerabilities (October 2014 CPU)NessusDatabases
medium
77635EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)NessusWindows
high
77476Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL VulnerabilitiesNessusWeb Servers
medium
77475Apache Tomcat 7.0.x < 7.0.55 Multiple VulnerabilitiesNessusWeb Servers
medium
77389Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL VulnerabilitiesNessusWeb Servers
medium
77332VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
77331VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)NessusMacOS X Local Security Checks
medium
77281Puppet Enterprise 2.8.x / 3.2.x Multiple VulnerabilitiesNessusCGI abuses
medium
77245Ubuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4)NessusUbuntu Local Security Checks
high
77200OpenSSL 'ChangeCipherSpec' MiTM VulnerabilityNessusMisc.
medium
77152HP Version Control Agent (VCA) < 7.3.3 Multiple SSL VulnerabilitiesNessusSuSE Local Security Checks
high
77151HP Version Control Agent (VCA) < 7.3.3 Multiple SSL VulnerabilitiesNessusRed Hat Local Security Checks
high
77150HP Version Control Agent (VCA) < 7.3.3 Multiple SSL VulnerabilitiesNessusWindows
medium
77108Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)NessusFedora Local Security Checks
high
77107Fedora 19 : openssl-1.0.1e-39.fc19 (2014-9301)NessusFedora Local Security Checks
high
77057FireEye Operating System Multiple Vulnerabilities (SB001)NessusFirewalls
medium
77020HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple VulnerabilitiesNessusWindows
medium
77004Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL VulnerabilitiesNessusFTP
medium
77000Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10629)NessusJunos Local Security Checks
medium
76994VMware vCenter Support Assistant Multiple Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
76966VMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76965VMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)NessusMacOS X Local Security Checks
medium
76947VMware vCenter Converter Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76945VMware Horizon View Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76892RHEL 7 : openssl098e (RHSA-2014:0680)NessusRed Hat Local Security Checks
medium
76891RHEL 7 : openssl (RHSA-2014:0679)NessusRed Hat Local Security Checks
high
76864GLSA-201407-05 : OpenSSL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
76776HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)NessusCGI abuses
medium
76769HP Smart Update Manager 6.x < 6.4.1 Multiple VulnerabilitiesNessusCGI abuses
medium
76730Oracle Linux 7 : openssl098e (ELSA-2014-0680)NessusOracle Linux Local Security Checks
medium
76729Oracle Linux 7 : openssl (ELSA-2014-0679)NessusOracle Linux Local Security Checks
high
76596Oracle E-Business (July 2014 CPU)NessusMisc.
medium
76580McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)NessusMisc.
medium
76579McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)NessusMisc.
medium
76570Oracle Secure Global Desktop Multiple Vulnerabilities (July 2014 CPU)NessusMisc.
high
76535Fortinet FortiClient OpenSSL Security BypassNessusWindows
medium
76528Splunk Enterprise 4.3.x / 5.0.x < 5.0.9 / 6.0.x < 6.0.5 / 6.1.x < 6.1.2 Multiple OpenSSL VulnerabilitiesNessusWeb Servers
medium
76511LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)NessusMacOS X Local Security Checks
medium
76510LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)NessusWindows
medium
76495VMware vCenter Server Appliance Multiple Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
76493Fortinet OpenSSL Multiple VulnerabilitiesNessusMisc.
medium
76492Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL VulnerabilitiesNessusMacOS X Local Security Checks
medium
76491Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL VulnerabilitiesNessusWindows
medium
76457VMware Security Updates for vCenter Server (VMSA-2014-0006)NessusMisc.
medium
76456VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)NessusWindows
medium
76455VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)NessusGeneral
medium
76454VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)NessusWindows
medium
76453VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)NessusGeneral
medium
76452VMware Fusion < 5.0.5 / 6.0.4 OpenSSL Library Multiple VulnerabilitiesNessusMacOS X Local Security Checks
medium
76428IBM General Parallel File System OpenSSL Security Bypass (Windows)NessusWindows
medium
76426VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76390HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)NessusWindows
medium
76368ESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)NessusMisc.
medium
76360VMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
76357HP Onboard Administrator < 4.22 Remote Information DisclosureNessusMisc.
medium
76356VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76355VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76345HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple VulnerabilitiesNessusWeb Servers
medium
76256Blue Coat ProxySG 6.4.x OpenSSL Security BypassNessusFirewalls
medium
76203ESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check)NessusMisc.
medium
76199Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-3)NessusUbuntu Local Security Checks
high
76167WinSCP 5.x < 5.5.4 Multiple VulnerabilitiesNessusWindows
medium
76165Blue Coat ProxySG 6.5.x Multiple OpenSSL VulnerabilitiesNessusFirewalls
medium
76164Blue Coat ProxySG 6.2.x OpenSSL Security BypassNessusFirewalls
medium
76163Blue Coat ProxySG 4.x OpenSSL Security BypassNessusFirewalls
medium
76146McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)NessusMisc.
medium
76145McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)NessusMisc.
medium
76132Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSLNessusCISCO
medium
76131Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSLNessusCISCO
medium
76129Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)NessusWindows
medium
76128Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSLNessusCISCO
medium
76127Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM VulnerabilityNessusCISCO
medium
76124Junos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)NessusMisc.
medium
75383openSUSE Security Update : openssl (openSUSE-SU-2014:0764-1)NessusSuSE Local Security Checks
high
74512AIX OpenSSL Advisory : openssl_advisory9.docNessusAIX Local Security Checks
medium
74508Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-2)NessusUbuntu Local Security Checks
high
74487Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140605)NessusScientific Linux Local Security Checks
medium
74484Oracle Linux 4 : openssl (ELSA-2014-3040)NessusOracle Linux Local Security Checks
medium
74470ESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)NessusMisc.
medium
74465VMSA-2014-0006 : VMware product updates address OpenSSL security vulnerabilitiesNessusVMware ESX Local Security Checks
medium
74421stunnel < 5.02 OpenSSL Multiple VulnerabilitiesNessusWindows
medium
74415Mandriva Linux Security Advisory : openssl (MDVSA-2014:106)NessusMandriva Local Security Checks
high
801619OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple VulnerabilitiesLog Correlation EngineWeb Servers
medium
74364OpenSSL 1.0.1 < 1.0.1h Multiple VulnerabilitiesNessusWeb Servers
high
74363OpenSSL 0.9.8 < 0.9.8za Multiple VulnerabilitiesNessusWeb Servers
medium
74353Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl vulnerabilities (USN-2232-1)NessusUbuntu Local Security Checks
high
74352SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9326)NessusSuSE Local Security Checks
medium
74350Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140605)NessusScientific Linux Local Security Checks
high
74349Scientific Linux Security Update : openssl097a and openssl098e on SL5.x, SL6.x i386/x86_64 (20140605)NessusScientific Linux Local Security Checks
medium
74348RHEL 5 / 6 : openssl097a and openssl098e (RHSA-2014:0626)NessusRed Hat Local Security Checks
medium
74347RHEL 6 : openssl (RHSA-2014:0625)NessusRed Hat Local Security Checks
high
74346RHEL 5 : openssl (RHSA-2014:0624)NessusRed Hat Local Security Checks
medium
74345Oracle Linux 5 / 6 : openssl097a / openssl098e (ELSA-2014-0626)NessusOracle Linux Local Security Checks
medium
74344Oracle Linux 6 : openssl (ELSA-2014-0625)NessusOracle Linux Local Security Checks
high
74343Oracle Linux 5 : openssl (ELSA-2014-0624)NessusOracle Linux Local Security Checks
medium
74342FreeBSD : OpenSSL -- multiple vulnerabilities (5ac53801-ec2e-11e3-9cf3-3c970e169bc2)NessusFreeBSD Local Security Checks
high
74341Fedora 20 : openssl-1.0.1e-38.fc20 (2014-7102)NessusFedora Local Security Checks
high
74340Fedora 19 : openssl-1.0.1e-38.fc19 (2014-7101)NessusFedora Local Security Checks
high
74337Debian DSA-2950-1 : openssl - security updateNessusDebian Local Security Checks
high
74335CentOS 5 / 6 : openssl097a / openssl098e (CESA-2014:0626)NessusCentOS Local Security Checks
medium
74334CentOS 6 : openssl (CESA-2014:0625)NessusCentOS Local Security Checks
high
74333CentOS 5 : openssl (CESA-2014:0624)NessusCentOS Local Security Checks
medium
74331Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-156-03)NessusSlackware Local Security Checks
high
8253OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
74326OpenSSL 'ChangeCipherSpec' MiTM Potential VulnerabilityNessusMisc.
medium
73403OpenSSL 1.0.0 < 1.0.0m Multiple VulnerabilitiesNessusWeb Servers
high
66800Solaris 10 (sparc) : 150383-19 (deprecated)NessusSolaris Local Security Checks
medium
66740Solaris 10 (x86) : 148072-19 (deprecated)NessusSolaris Local Security Checks
medium
66739Solaris 10 (sparc) : 148071-19 (deprecated)NessusSolaris Local Security Checks
medium