CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Published: 2014-06-05 21:55
Updated: 2019-10-09 23:09

CVSS Score: 5.8 / 10
Vendor Product Version URI
Redhat Enterprise Linux 6.0 cpe:/o:redhat:enterprise_linux:6.0
Openssl Openssl 1.0.0c cpe:/a:openssl:openssl:1.0.0c
Openssl Openssl 1.0.1g cpe:/a:openssl:openssl:1.0.1g
Openssl Openssl 1.0.1f cpe:/a:openssl:openssl:1.0.1f
Redhat Jboss Enterprise Application Platform 5.2.0 cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0
Redhat Jboss Enterprise Application Platform 6.2.3 cpe:/a:redhat:jboss_enterprise_application_platform:6.2.3
Redhat Jboss Enterprise Web Platform 5.2.0 cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0
Openssl Openssl 1.0.1a cpe:/a:openssl:openssl:1.0.1a
Openssl Openssl 1.0.1c cpe:/a:openssl:openssl:1.0.1c
Openssl Openssl 1.0.1b cpe:/a:openssl:openssl:1.0.1b
Redhat Storage 2.1 cpe:/a:redhat:storage:2.1
Openssl Openssl 1.0.1e cpe:/a:openssl:openssl:1.0.1e
Openssl Openssl 1.0.1d cpe:/a:openssl:openssl:1.0.1d
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta5
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta2
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta4
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta1
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta3
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta1
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta3
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta2
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0
Redhat Enterprise Linux 5 cpe:/o:redhat:enterprise_linux:5
Redhat Enterprise Linux 4 cpe:/o:redhat:enterprise_linux:4
Redhat Jboss Enterprise Web Server 2.0.1 cpe:/a:redhat:jboss_enterprise_web_server:2.0.1
Fedoraproject Fedora cpe:/o:fedoraproject:fedora
Openssl Openssl 1.0.0f cpe:/a:openssl:openssl:1.0.0f
Openssl Openssl 1.0.0e cpe:/a:openssl:openssl:1.0.0e
Openssl Openssl 1.0.0h cpe:/a:openssl:openssl:1.0.0h
Openssl Openssl 1.0.0g cpe:/a:openssl:openssl:1.0.0g
Openssl Openssl 1.0.0j cpe:/a:openssl:openssl:1.0.0j
Openssl Openssl 1.0.0i cpe:/a:openssl:openssl:1.0.0i
Openssl Openssl 1.0.0l cpe:/a:openssl:openssl:1.0.0l
Openssl Openssl 1.0.0k cpe:/a:openssl:openssl:1.0.0k
Openssl Openssl 0.9.8y cpe:/a:openssl:openssl:0.9.8y
Openssl Openssl 1.0.0b cpe:/a:openssl:openssl:1.0.0b
Openssl Openssl 1.0.0a cpe:/a:openssl:openssl:1.0.0a
Openssl Openssl 1.0.0d cpe:/a:openssl:openssl:1.0.0d
Opensuse Opensuse 13.1 cpe:/o:opensuse:opensuse:13.1
Opensuse Opensuse 13.2 cpe:/o:opensuse:opensuse:13.2

CWE

CWE-310: Cryptographic Issues. Weaknesses in this category are related to the use of cryptography.

References

Source Link
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
HP http://marc.info/?l=bugtraq&m=140266410314613&w=2
HP http://marc.info/?l=bugtraq&m=142350350616251&w=2
BUGTRAQ http://www.securityfocus.com/archive/1/534161/100/0/threaded
SECUNIA http://secunia.com/advisories/59310
SECUNIA http://secunia.com/advisories/59306
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677080
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
SECUNIA http://secunia.com/advisories/59518
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677131
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0633.html
CONFIRM http://linux.oracle.com/errata/ELSA-2014-1053.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676889
SECUNIA http://secunia.com/advisories/59163
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676879
SECUNIA http://secunia.com/advisories/59460
CONFIRM https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037729
SECUNIA http://secunia.com/advisories/59189
CONFIRM https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
HP http://marc.info/?l=bugtraq&m=140621259019789&w=2
SECUNIA http://secunia.com/advisories/61254
SECUNIA http://secunia.com/advisories/59282
SECUNIA http://secunia.com/advisories/59374
FULLDISC http://seclists.org/fulldisclosure/2014/Jun/38
SECUNIA http://secunia.com/advisories/58714
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
SECUNIA http://secunia.com/advisories/59483
HP http://marc.info/?l=bugtraq&m=142805027510172&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0626.html
SECUNIA http://secunia.com/advisories/59167
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0624.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
SECUNIA http://secunia.com/advisories/58977
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
CONFIRM http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683332
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
HP http://marc.info/?l=bugtraq&m=141658880509699&w=2
HP http://marc.info/?l=bugtraq&m=140983229106599&w=2
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676644
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676845
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0630.html
SECUNIA http://secunia.com/advisories/59444
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677836
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015300
SECUNIA http://secunia.com/advisories/59338
CONFIRM https://filezilla-project.org/versions.php?type=server
SECUNIA http://secunia.com/advisories/59132
SECUNIA http://secunia.com/advisories/59211
CONFIRM http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0631.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037732
MISC http://ccsinjection.lepidum.co.jp
SECUNIA http://secunia.com/advisories/59287
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
HP http://marc.info/?l=bugtraq&m=140904544427729&w=2
CONFIRM https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676071
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
HP http://marc.info/?l=bugtraq&m=140317760000786&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
CONFIRM http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
HP http://marc.info/?l=bugtraq&m=140431828824371&w=2
HP http://marc.info/?l=bugtraq&m=140386311427810&w=2
HP http://marc.info/?l=bugtraq&m=140369637402535&w=2
HP http://marc.info/?l=bugtraq&m=140448122410568&w=2
CONFIRM http://esupport.trendmicro.com/solution/en-US/1103813.aspx
HP http://marc.info/?l=bugtraq&m=140389274407904&w=2
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217
HP http://marc.info/?l=bugtraq&m=140389355508263&w=2
SUSE http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
SECUNIA http://secunia.com/advisories/59040
SECUNIA http://secunia.com/advisories/59188
HP http://marc.info/?l=bugtraq&m=141164638606214&w=2
SECUNIA http://secunia.com/advisories/59186
SECUNIA http://secunia.com/advisories/58945
HP http://marc.info/?l=bugtraq&m=142546741516006&w=2
SECUNIA http://secunia.com/advisories/59004
SECUNIA http://secunia.com/advisories/59135
SECUNIA http://secunia.com/advisories/58337
SECUNIA http://secunia.com/advisories/58713
SECUNIA http://secunia.com/advisories/58660
SECUNIA http://secunia.com/advisories/58719
HP http://marc.info/?l=bugtraq&m=140870499402361&w=2
HP http://marc.info/?l=bugtraq&m=140491231331543&w=2
SECUNIA http://secunia.com/advisories/59142
HP http://marc.info/?l=bugtraq&m=140672208601650&w=2
HP http://marc.info/?l=bugtraq&m=141147110427269&w=2
SECUNIA http://secunia.com/advisories/58492
SECUNIA http://secunia.com/advisories/58433
SECUNIA http://secunia.com/advisories/59190
HP http://marc.info/?l=bugtraq&m=141383465822787&w=2
HP http://marc.info/?l=bugtraq&m=140784085708882&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0632.html
HP http://marc.info/?l=bugtraq&m=140794476212181&w=2
FULLDISC http://seclists.org/fulldisclosure/2014/Dec/23
CONFIRM http://puppetlabs.com/security/cve/cve-2014-0224
HP http://marc.info/?l=bugtraq&m=140752315422991&w=2
SECUNIA http://secunia.com/advisories/59093
HP http://marc.info/?l=bugtraq&m=140482916501310&w=2
SECUNIA http://secunia.com/advisories/58742
SECUNIA http://secunia.com/advisories/59101
SECUNIA http://secunia.com/advisories/59192
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0627.html
HP http://marc.info/?l=bugtraq&m=140499864129699&w=2
HP http://marc.info/?l=bugtraq&m=141383410222440&w=2
HP http://marc.info/?l=bugtraq&m=140852757108392&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0680.html
HP http://marc.info/?l=bugtraq&m=141025641601169&w=2
SECUNIA http://secunia.com/advisories/58667
SECUNIA http://secunia.com/advisories/59175
SECUNIA http://secunia.com/advisories/58716
HP http://marc.info/?l=bugtraq&m=140544599631400&w=2
HP http://marc.info/?l=bugtraq&m=140852826008699&w=2
HP http://marc.info/?l=bugtraq&m=140604261522465&w=2
SECUNIA http://secunia.com/advisories/58615
SECUNIA http://secunia.com/advisories/59231
GENTOO http://security.gentoo.org/glsa/glsa-201407-05.xml
SECUNIA http://secunia.com/advisories/59264
SECUNIA http://secunia.com/advisories/59529
SECUNIA http://secunia.com/advisories/59223
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
SECUNIA http://secunia.com/advisories/59525
SECUNIA http://secunia.com/advisories/59441
SECUNIA http://secunia.com/advisories/59661
SECUNIA http://secunia.com/advisories/59445
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
AIXAPAR http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506
CONFIRM http://support.citrix.com/article/CTX140876
SECUNIA http://secunia.com/advisories/59446
CONFIRM http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html
SECUNIA http://secunia.com/advisories/59305
SECUNIA http://secunia.com/advisories/59440
SECUNIA http://secunia.com/advisories/59447
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21675821
SECUNIA http://secunia.com/advisories/59362
SECUNIA http://secunia.com/advisories/59429
SECUNIA http://secunia.com/advisories/59502
SECUNIA http://secunia.com/advisories/59448
SECUNIA http://secunia.com/advisories/59375
SECUNIA http://secunia.com/advisories/59677
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
SECUNIA http://secunia.com/advisories/59364
SECUNIA http://secunia.com/advisories/59202
SECUNIA http://secunia.com/advisories/59347
SECUNIA http://secunia.com/advisories/59284
SECUNIA http://secunia.com/advisories/59435
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21675626
SECUNIA http://secunia.com/advisories/59214
SECUNIA http://secunia.com/advisories/59437
SECUNIA http://secunia.com/advisories/59365
SECUNIA http://secunia.com/advisories/59454
SECUNIA http://secunia.com/advisories/59389
CONFIRM http://support.apple.com/kb/HT6443
SECUNIA http://secunia.com/advisories/59368
SECUNIA http://secunia.com/advisories/59449
SECUNIA http://secunia.com/advisories/59215
SECUNIA http://secunia.com/advisories/59380
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037731
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676496
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676333
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677390
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678167
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676501
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676536
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676786
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676833
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677527
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037870
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676478
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677567
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037761
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676334
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678233
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676615
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678289
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037727
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037730
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676529
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
CERT-VN http://www.kb.cert.org/vuls/id/978508
CONFIRM http://www.openssl.org/news/secadv_20140605.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1103586
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg24037783
CONFIRM http://www.blackberry.com/btsc/KB36051
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
CONFIRM http://www.kerio.com/support/kerio-control/release-history
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
SECTRACK http://www.securitytracker.com/id/1031594
CONFIRM http://www.ibm.com/support/docview.wss?uid=ssg1S1004678
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
CONFIRM https://access.redhat.com/site/blogs/766093/posts/908133
AIXAPAR http://www.ibm.com/support/docview.wss?uid=swg1IT02314
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:105
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676877
CONFIRM http://www.splunk.com/view/SP-CAAAM2D
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015264
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0006.html
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676793
CONFIRM http://www.f-secure.com/en/web/labs_global/fsc-2014-6
SECTRACK http://www.securitytracker.com/id/1031032
CONFIRM http://www.fortiguard.com/advisory/FG-IR-14-018/
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21676356
CONFIRM https://discussions.nessus.org/thread/7517
CONFIRM http://www.ibm.com/support/docview.wss?uid=isg3T1020948
MISC https://www.imperialviolet.org/2014/06/05/earlyccs.html
CONFIRM https://www.novell.com/support/kb/doc.php?id=7015271
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
CONFIRM https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
CONFIRM https://kb.bluecoat.com/index?page=content&id=SA80
CONFIRM https://www.ibm.com/support/docview.wss?uid=ssg1S1004670
CONFIRM https://www.ibm.com/support/docview.wss?uid=ssg1S1004671

History of changes

Date Event
2019-09-27 17:30
2019-04-22 17:48
2018-10-30 16:27
2018-10-09 19:38
2017-10-20 01:29
2017-08-09 05:25
2014-06-05 21:55 New CVE