4.3

CVE-2014-3511

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.33% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=142660345230545&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://secunia.com/advisories/61184
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://secunia.com/advisories/60890
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://linux.oracle.com/errata/ELSA-2014-1052.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://secunia.com/advisories/58962
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60803
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61100
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.securitytracker.com/id/1030693
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://www.openssl.org/news/secadv_20140806.txt
Vendor Advisory
http://secunia.com/advisories/61017
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://www.tenable.com/security/tns-2014-06
http://rhn.redhat.com/errata/RHSA-2015-0197.html
http://secunia.com/advisories/61139
https://techzone.ergon.ch/CVE-2014-3511
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://secunia.com/advisories/59887
http://secunia.com/advisories/60377
http://secunia.com/advisories/60810
http://secunia.com/advisories/61043
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
http://www.arubanetworks.com/support/alerts/aid-08182014.txt
http://www.securityfocus.com/bid/69079
http://www.splunk.com/view/SP-CAAANHS
https://bugzilla.redhat.com/show_bug.cgi?id=1127504
https://exchange.xforce.ibmcloud.com/vulnerabilities/95162
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b
https://kc.mcafee.com/corporate/index?page=content&id=SB10084