Redhat Enterprise Unspecified Vulnerability

high Tenable.ot Plugin ID 500473

Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Solution

Refer to the vendor advisory for security updates.

See Also

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://marc.info/?l=bugtraq&m=142546741516006&w=2

http://marc.info/?l=bugtraq&m=142805027510172&w=2

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

http://ccsinjection.lepidum.co.jp

http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html

http://esupport.trendmicro.com/solution/en-US/1103813.aspx

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217

http://linux.oracle.com/errata/ELSA-2014-1053.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html

http://marc.info/?l=bugtraq&m=140266410314613&w=2

http://marc.info/?l=bugtraq&m=140317760000786&w=2

http://marc.info/?l=bugtraq&m=140369637402535&w=2

http://marc.info/?l=bugtraq&m=140386311427810&w=2

http://marc.info/?l=bugtraq&m=140389274407904&w=2

http://marc.info/?l=bugtraq&m=140389355508263&w=2

http://marc.info/?l=bugtraq&m=140431828824371&w=2

http://marc.info/?l=bugtraq&m=140448122410568&w=2

http://marc.info/?l=bugtraq&m=140482916501310&w=2

http://marc.info/?l=bugtraq&m=140491231331543&w=2

http://marc.info/?l=bugtraq&m=140499864129699&w=2

http://marc.info/?l=bugtraq&m=140544599631400&w=2

http://marc.info/?l=bugtraq&m=140604261522465&w=2

http://marc.info/?l=bugtraq&m=140621259019789&w=2

http://marc.info/?l=bugtraq&m=140672208601650&w=2

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://marc.info/?l=bugtraq&m=140784085708882&w=2

http://marc.info/?l=bugtraq&m=140794476212181&w=2

http://marc.info/?l=bugtraq&m=140852757108392&w=2

http://marc.info/?l=bugtraq&m=140852826008699&w=2

http://marc.info/?l=bugtraq&m=140870499402361&w=2

http://marc.info/?l=bugtraq&m=140904544427729&w=2

http://marc.info/?l=bugtraq&m=140983229106599&w=2

http://marc.info/?l=bugtraq&m=141025641601169&w=2

http://marc.info/?l=bugtraq&m=141147110427269&w=2

http://marc.info/?l=bugtraq&m=141164638606214&w=2

http://marc.info/?l=bugtraq&m=141383410222440&w=2

http://marc.info/?l=bugtraq&m=141658880509699&w=2

http://marc.info/?l=bugtraq&m=142350350616251&w=2

http://puppetlabs.com/security/cve/cve-2014-0224

http://rhn.redhat.com/errata/RHSA-2014-0624.html

http://rhn.redhat.com/errata/RHSA-2014-0626.html

http://rhn.redhat.com/errata/RHSA-2014-0627.html

http://rhn.redhat.com/errata/RHSA-2014-0630.html

http://rhn.redhat.com/errata/RHSA-2014-0631.html

http://rhn.redhat.com/errata/RHSA-2014-0632.html

http://rhn.redhat.com/errata/RHSA-2014-0633.html

http://rhn.redhat.com/errata/RHSA-2014-0680.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://seclists.org/fulldisclosure/2014/Jun/38

http://secunia.com/advisories/58128

http://secunia.com/advisories/58337

http://secunia.com/advisories/58385

http://secunia.com/advisories/58433

http://secunia.com/advisories/58492

http://secunia.com/advisories/58579

http://secunia.com/advisories/58615

http://secunia.com/advisories/58639

http://secunia.com/advisories/58660

http://secunia.com/advisories/58667

http://secunia.com/advisories/58713

http://secunia.com/advisories/58714

http://secunia.com/advisories/58716

http://secunia.com/advisories/58719

http://secunia.com/advisories/58742

http://secunia.com/advisories/58743

http://secunia.com/advisories/58745

http://secunia.com/advisories/58759

http://secunia.com/advisories/58930

http://secunia.com/advisories/58939

http://secunia.com/advisories/58945

http://secunia.com/advisories/58977

http://secunia.com/advisories/59004

http://secunia.com/advisories/59012

http://secunia.com/advisories/59040

http://secunia.com/advisories/59043

http://secunia.com/advisories/59055

http://secunia.com/advisories/59063

http://secunia.com/advisories/59093

http://secunia.com/advisories/59101

http://secunia.com/advisories/59120

http://secunia.com/advisories/59126

http://secunia.com/advisories/59132

http://secunia.com/advisories/59135

http://secunia.com/advisories/59142

http://secunia.com/advisories/59162

http://secunia.com/advisories/59163

http://secunia.com/advisories/59167

http://secunia.com/advisories/59175

http://secunia.com/advisories/59186

http://secunia.com/advisories/59188

http://secunia.com/advisories/59189

http://secunia.com/advisories/59190

http://secunia.com/advisories/59191

http://secunia.com/advisories/59192

http://secunia.com/advisories/59202

http://secunia.com/advisories/59211

http://secunia.com/advisories/59214

http://secunia.com/advisories/59215

http://secunia.com/advisories/59223

http://secunia.com/advisories/59231

http://secunia.com/advisories/59264

http://secunia.com/advisories/59282

http://secunia.com/advisories/59284

http://secunia.com/advisories/59287

http://secunia.com/advisories/59300

http://secunia.com/advisories/59301

http://secunia.com/advisories/59305

http://secunia.com/advisories/59306

http://secunia.com/advisories/59310

http://secunia.com/advisories/59325

http://secunia.com/advisories/59338

http://secunia.com/advisories/59342

http://secunia.com/advisories/59347

http://secunia.com/advisories/59354

http://secunia.com/advisories/59362

http://secunia.com/advisories/59364

http://secunia.com/advisories/59365

http://secunia.com/advisories/59368

http://secunia.com/advisories/59370

http://secunia.com/advisories/59374

http://secunia.com/advisories/59375

http://secunia.com/advisories/59380

http://secunia.com/advisories/59383

http://secunia.com/advisories/59389

http://secunia.com/advisories/59413

http://secunia.com/advisories/59429

http://secunia.com/advisories/59435

http://secunia.com/advisories/59437

http://secunia.com/advisories/59438

http://secunia.com/advisories/59440

http://secunia.com/advisories/59441

http://secunia.com/advisories/59442

http://secunia.com/advisories/59444

http://secunia.com/advisories/59445

http://secunia.com/advisories/59446

http://secunia.com/advisories/59447

http://secunia.com/advisories/59448

http://secunia.com/advisories/59449

http://secunia.com/advisories/59450

http://secunia.com/advisories/59451

http://secunia.com/advisories/59454

http://secunia.com/advisories/59459

http://secunia.com/advisories/59460

http://secunia.com/advisories/59483

http://secunia.com/advisories/59490

http://secunia.com/advisories/59491

http://secunia.com/advisories/59495

http://secunia.com/advisories/59502

http://secunia.com/advisories/59506

http://secunia.com/advisories/59514

http://secunia.com/advisories/59518

http://secunia.com/advisories/59525

http://secunia.com/advisories/59528

http://secunia.com/advisories/59529

http://secunia.com/advisories/59530

http://secunia.com/advisories/59589

http://secunia.com/advisories/59602

http://secunia.com/advisories/59655

http://secunia.com/advisories/59659

http://secunia.com/advisories/59661

http://secunia.com/advisories/59666

http://secunia.com/advisories/59669

http://secunia.com/advisories/59677

http://secunia.com/advisories/59721

http://secunia.com/advisories/59784

http://secunia.com/advisories/59824

http://secunia.com/advisories/59827

http://secunia.com/advisories/59878

http://secunia.com/advisories/59885

http://secunia.com/advisories/59894

http://secunia.com/advisories/59916

http://secunia.com/advisories/59990

http://secunia.com/advisories/60049

http://secunia.com/advisories/60066

http://secunia.com/advisories/60176

http://secunia.com/advisories/60522

http://secunia.com/advisories/60567

http://secunia.com/advisories/60571

http://secunia.com/advisories/60577

http://secunia.com/advisories/60819

http://secunia.com/advisories/61254

http://secunia.com/advisories/61815

http://security.gentoo.org/glsa/glsa-201407-05.xml

http://support.apple.com/kb/HT6443

http://support.citrix.com/article/CTX140876

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

http://www.blackberry.com/btsc/KB36051

http://www.fortiguard.com/advisory/FG-IR-14-018/

http://www.f-secure.com/en/web/labs_global/fsc-2014-6

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

http://www.ibm.com/support/docview.wss?uid=isg3T1020948

http://www.ibm.com/support/docview.wss?uid=ssg1S1004678

http://www.ibm.com/support/docview.wss?uid=swg1IT02314

http://www.ibm.com/support/docview.wss?uid=swg21676356

http://www.ibm.com/support/docview.wss?uid=swg21676793

http://www.ibm.com/support/docview.wss?uid=swg21676877

http://www.ibm.com/support/docview.wss?uid=swg24037783

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

http://www.kb.cert.org/vuls/id/978508

http://www.kerio.com/support/kerio-control/release-history

http://www.mandriva.com/security/advisories?name=MDVSA-2014:105

http://www.mandriva.com/security/advisories?name=MDVSA-2014:106

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.novell.com/support/kb/doc.php?id=7015264

http://www.novell.com/support/kb/doc.php?id=7015300

http://www.openssl.org/news/secadv_20140605.txt

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securitytracker.com/id/1031032

http://www.securitytracker.com/id/1031594

http://www.splunk.com/view/SP-CAAAM2D

http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

http://www-01.ibm.com/support/docview.wss?uid=swg21675626

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

http://www-01.ibm.com/support/docview.wss?uid=swg21676333

http://www-01.ibm.com/support/docview.wss?uid=swg21676334

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

http://www-01.ibm.com/support/docview.wss?uid=swg21676478

http://www-01.ibm.com/support/docview.wss?uid=swg21676496

http://www-01.ibm.com/support/docview.wss?uid=swg21676501

http://www-01.ibm.com/support/docview.wss?uid=swg21676529

http://www-01.ibm.com/support/docview.wss?uid=swg21676536

http://www-01.ibm.com/support/docview.wss?uid=swg21676615

http://www-01.ibm.com/support/docview.wss?uid=swg21676644

http://www-01.ibm.com/support/docview.wss?uid=swg21676655

http://www-01.ibm.com/support/docview.wss?uid=swg21676786

http://www-01.ibm.com/support/docview.wss?uid=swg21676833

http://www-01.ibm.com/support/docview.wss?uid=swg21676845

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

http://www-01.ibm.com/support/docview.wss?uid=swg21677080

http://www-01.ibm.com/support/docview.wss?uid=swg21677131

http://www-01.ibm.com/support/docview.wss?uid=swg21677390

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

http://www-01.ibm.com/support/docview.wss?uid=swg21677567

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

http://www-01.ibm.com/support/docview.wss?uid=swg21677836

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

http://www-01.ibm.com/support/docview.wss?uid=swg21678233

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

http://www-01.ibm.com/support/docview.wss?uid=swg24037727

http://www-01.ibm.com/support/docview.wss?uid=swg24037729

http://www-01.ibm.com/support/docview.wss?uid=swg24037730

http://www-01.ibm.com/support/docview.wss?uid=swg24037731

http://www-01.ibm.com/support/docview.wss?uid=swg24037732

http://www-01.ibm.com/support/docview.wss?uid=swg24037761

http://www-01.ibm.com/support/docview.wss?uid=swg24037870

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

https://access.redhat.com/site/blogs/766093/posts/908133

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1

https://bugzilla.redhat.com/show_bug.cgi?id=1103586

https://discussions.nessus.org/thread/7517

https://filezilla-project.org/versions.php?type=server

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

https://kb.bluecoat.com/index?page=content&id=SA80

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

https://www.ibm.com/support/docview.wss?uid=ssg1S1004670

https://www.ibm.com/support/docview.wss?uid=ssg1S1004671

https://www.imperialviolet.org/2014/06/05/earlyccs.html

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf

https://www.novell.com/support/kb/doc.php?id=7015271

https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf

Plugin Details

Severity: High

ID: 500473

Version: 1.0

Type: local

Family: SCADA

Published: 8/10/2021

Updated: 8/10/2021

Risk Information

CVSS Score Source: CVE-2014-0224

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: High

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*, cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*, cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*, cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*, cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*, cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*, cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*, cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*, cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*, cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*, cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*, cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*

Patch Publication Date: 6/5/2014

Vulnerability Publication Date: 6/5/2014

Reference Information

CVE: CVE-2014-0224