CVE-2014-0224

Severity: 74%

Complexity: 22%

Confidentiality: 86%

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVSS 3.1 Base Score 7.4. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported: 2014-06-05 21:55:00 (10 years ago)

Last updated: 2019-10-09 23:09:00 (5 years ago)

Affected Software

OpenSSL Project OpenSSL

Red Hat JBoss Enterprise Application Platform (EAP) 5.2.0

Red Hat JBoss Enterprise Application Platform (EAP) 6.2.3

Red Hat JBoss Enterprise Web Platform 5.2.0

Red Hat JBoss Enterprise Web Server 2.0.1

Red Hat Storage 2.1

Fedora

OpenSUSE 13.1

OpenSUSE 13.2

Red Hat Enterprise Linux 4

Red Hat Enterprise Linux 5

Red Hat Enterprise Linux 6.0

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

Third Party Advisory

http://ccsinjection.lepidum.co.jp

Third Party Advisory

http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html

Third Party Advisory

http://esupport.trendmicro.com/solution/en-US/1103813.aspx

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217

Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-1053.html

Third Party Advisory

FEDORA-2014-9301

Third Party Advisory

FEDORA-2014-9308

Third Party Advisory

SUSE-SU-2015:0578

Third Party Advisory

SUSE-SU-2015:0743

Third Party Advisory

openSUSE-SU-2016:0640

Third Party Advisory

openSUSE-SU-2015:0229

Third Party Advisory

HPSBUX03046

Third Party Advisory

HPSBOV03047

Third Party Advisory

HPSBMU03053

Third Party Advisory

HPSBMU03058

Third Party Advisory

HPSBMU03057

Third Party Advisory

HPSBMU03056

Third Party Advisory

HPSBMU03055

Third Party Advisory

HPSBMU03051

Third Party Advisory

HPSBGN03050

Third Party Advisory

HPSBMU03065

Third Party Advisory

HPSBMU03070

Third Party Advisory

HPSBGN03068

Third Party Advisory

HPSBMU03071

Third Party Advisory

HPSBMU03074

Third Party Advisory

HPSBMU03078

Third Party Advisory

HPSBMU03062

Third Party Advisory

HPSBMU03089

Third Party Advisory

HPSBHF03088

Third Party Advisory

HPSBMU03094

Third Party Advisory

HPSBMU03101

Third Party Advisory

HPSBST03098

Third Party Advisory

HPSBMU03076

Third Party Advisory

HPSBMU03083

Third Party Advisory

HPSBST03106

Third Party Advisory

HPSBPI03107

Third Party Advisory

HPSBST03103

Third Party Advisory

HPSBST03097

Third Party Advisory

HPSBHF03145

Third Party Advisory

HPSBHF03052

Third Party Advisory

SSRT101818

Third Party Advisory

HPSBST03265

Third Party Advisory

HPSBST03195

Third Party Advisory

http://puppetlabs.com/security/cve/cve-2014-0224

Third Party Advisory

RHSA-2014:0624

Third Party Advisory

RHSA-2014:0626

Third Party Advisory

RHSA-2014:0627

Third Party Advisory

RHSA-2014:0630

Third Party Advisory

RHSA-2014:0631

Third Party Advisory

RHSA-2014:0632

Third Party Advisory

RHSA-2014:0633

Third Party Advisory

RHSA-2014:0680

Third Party Advisory

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

Mailing List, Third Party Advisory

20140607 Re: More OpenSSL issues

Mailing List, Third Party Advisory

GLSA-201407-05

Third Party Advisory

http://support.apple.com/kb/HT6443

Third Party Advisory

http://support.citrix.com/article/CTX140876

Third Party Advisory

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

Third Party Advisory

20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Third Party Advisory

http://www.blackberry.com/btsc/KB36051

Third Party Advisory

http://www.fortiguard.com/advisory/FG-IR-14-018/

Third Party Advisory

http://www.f-secure.com/en/web/labs_global/fsc-2014-6

Third Party Advisory

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=isg3T1020948

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=ssg1S1004678

Third Party Advisory

IT02314

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg21676356

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg21676793

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg21676877

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg24037783

Third Party Advisory

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

Third Party Advisory

VU#978508

Third Party Advisory, US Government Resource

http://www.kerio.com/support/kerio-control/release-history

Third Party Advisory

MDVSA-2014:105

Third Party Advisory

MDVSA-2014:106

Third Party Advisory

MDVSA-2015:062

Third Party Advisory

http://www.novell.com/support/kb/doc.php?id=7015264

Third Party Advisory

http://www.novell.com/support/kb/doc.php?id=7015300

Third Party Advisory

http://www.openssl.org/news/secadv_20140605.txt

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Third Party Advisory

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

Third Party Advisory, VDB Entry

1031032

Third Party Advisory, VDB Entry

1031594

Third Party Advisory, VDB Entry

http://www.splunk.com/view/SP-CAAAM2D

Third Party Advisory

http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Third Party Advisory

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690

Third Party Advisory

IV61506

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21675626

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676333

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676334

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676478

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676496

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676501

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676529

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676536

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676615

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676644

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676655

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676786

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676833

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676845

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677080

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677131

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677390

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677567

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677836

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678233

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037727

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037729

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037730

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037731

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037732

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037761

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24037870

Third Party Advisory

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

Third Party Advisory

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

Third Party Advisory

https://access.redhat.com/site/blogs/766093/posts/908133

Third Party Advisory

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues

Third Party Advisory

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1103586

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf

https://discussions.nessus.org/thread/7517

Third Party Advisory

https://filezilla-project.org/versions.php?type=server

Third Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441

Patch, Vendor Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

Third Party Advisory

https://kb.bluecoat.com/index?page=content&id=SA80

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Third Party Advisory

https://www.ibm.com/support/docview.wss?uid=ssg1S1004670

Third Party Advisory

https://www.ibm.com/support/docview.wss?uid=ssg1S1004671

Third Party Advisory

https://www.imperialviolet.org/2014/06/05/earlyccs.html

Exploit

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf

Third Party Advisory

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf

Third Party Advisory

https://www.novell.com/support/kb/doc.php?id=7015271

Third Party Advisory
