CVE-2014-3572

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-3572
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71942
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20150108.txt Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71942
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20150108.txt Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
History

21 Nov 2024, 02:08

Type Values Removed Values Added
References () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679 - () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679 -
References () http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - () http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html -
References () http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html - () http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html -
References () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html - () http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html -
References () http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html - () http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html -
References () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html - () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html - () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html -
References () http://marc.info/?l=bugtraq&m=142496179803395&w=2 - () http://marc.info/?l=bugtraq&m=142496179803395&w=2 -
References () http://marc.info/?l=bugtraq&m=142496289803847&w=2 - () http://marc.info/?l=bugtraq&m=142496289803847&w=2 -
References () http://marc.info/?l=bugtraq&m=142720981827617&w=2 - () http://marc.info/?l=bugtraq&m=142720981827617&w=2 -
References () http://marc.info/?l=bugtraq&m=142721102728110&w=2 - () http://marc.info/?l=bugtraq&m=142721102728110&w=2 -
References () http://marc.info/?l=bugtraq&m=142895206924048&w=2 - () http://marc.info/?l=bugtraq&m=142895206924048&w=2 -
References () http://marc.info/?l=bugtraq&m=143748090628601&w=2 - () http://marc.info/?l=bugtraq&m=143748090628601&w=2 -
References () http://marc.info/?l=bugtraq&m=144050155601375&w=2 - () http://marc.info/?l=bugtraq&m=144050155601375&w=2 -
References () http://marc.info/?l=bugtraq&m=144050205101530&w=2 - () http://marc.info/?l=bugtraq&m=144050205101530&w=2 -
References () http://marc.info/?l=bugtraq&m=144050254401665&w=2 - () http://marc.info/?l=bugtraq&m=144050254401665&w=2 -
References () http://marc.info/?l=bugtraq&m=144050297101809&w=2 - () http://marc.info/?l=bugtraq&m=144050297101809&w=2 -
References () http://rhn.redhat.com/errata/RHSA-2015-0066.html - () http://rhn.redhat.com/errata/RHSA-2015-0066.html -
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl - () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl -
References () http://www.debian.org/security/2015/dsa-3125 - () http://www.debian.org/security/2015/dsa-3125 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2015:019 - () http://www.mandriva.com/security/advisories?name=MDVSA-2015:019 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 - () http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 -
References () http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html - () http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html -
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -
References () http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - () http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html -
References () http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html - () http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html -
References () http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html - () http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html -
References () http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html - () http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html -
References () http://www.securityfocus.com/bid/71942 - () http://www.securityfocus.com/bid/71942 -
References () http://www.securitytracker.com/id/1033378 - () http://www.securitytracker.com/id/1033378 -
References () https://bto.bluecoat.com/security-advisory/sa88 - () https://bto.bluecoat.com/security-advisory/sa88 -
References () https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63 - () https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63 -
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10102 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10102 -
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10108 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10108 -
References () https://support.apple.com/HT204659 - () https://support.apple.com/HT204659 -
References () https://support.citrix.com/article/CTX216642 - () https://support.citrix.com/article/CTX216642 -
References () https://www.openssl.org/news/secadv_20150108.txt - Vendor Advisory () https://www.openssl.org/news/secadv_20150108.txt - Vendor Advisory
Information

Published : 2015-01-09 02:59

Updated : 2024-11-21 02:08

NVD link : CVE-2014-3572

Mitre link : CVE-2014-3572

CVE.ORG link : CVE-2014-3572

JSON object : View

Products Affected

openssl

  • openssl
CWE
CWE-310

Cryptographic Issues


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024