Back to search

Oracle Linux: (CVE-2014-3572) (Multiple Advisories): openssl security update

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	January 08, 2015	March 22, 2016	January 22, 2018

Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

ELSA-ELSA-2016-1137
APPLE-APPLE-SA-2015-04-08-2
SUSE-SUSE-SU-2015:0578
SUSE-SUSE-SU-2015:0946
REDHAT-RHSA-2015:0066
DEBIAN-DLA-132-1
DEBIAN-DSA-3125
MANDRIVA-MDVSA-2015:019
MANDRIVA-MDVSA-2015:062
BID-71942
SECTRACK-1033378
NVD-CVE-2014-3572
UBUNTU-USN-2459-1

Solution

oracle-linux-upgrade-openssl

Related Vulnerabilities

ELSA-2015-1197 Moderate: Oracle Linux openssl security update
OS X update for Admin Framework (CVE-2014-3572)
DSA-3125-1 openssl -- security update
Cent OS: CVE-2014-3572: CESA-2015:0066 (openssl)
IBM AIX: openssl_advisory12 (CVE-2014-3572): Vulnerabilities in OpenSSL affects AIX
RHSA-2015:0066: openssl security update
HP Systems Insight Manager - HPSBMU03394 (CVE-2014-3572): Linux and Windows, Multiple Vulnerabilities
SUSE: CVE-2014-3572: SUSE Linux Security Advisory
Amazon Linux AMI: Security patch for openssl (ALAS-2015-469) (multiple CVEs)
FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-15:01.openssl) (Multiple CVEs)
Juniper Junos OS: 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory. (JSA10679) (multiple CVEs)
Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (Multiple CVEs)
F5 Networks: K16126 (CVE-2014-3572): OpenSSL vulnerability CVE-2014-3572
ELSA-2015-2616 Moderate: Oracle Linux openssl security update
ELSA-2015-3010 Important: Oracle Linux openssl security update
ELSA-2015-0066 Moderate: Oracle Linux openssl security update
HP System Management Homepage - (Multiple Advisories) (CVE-2014-3572): Windows 2003, Multiple Vulnerabilities
Alpine Linux: CVE-2014-3572: openssl Security Advisory [08 Jan 2015]
Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (Multiple CVEs)
OpenSSL ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Oracle Solaris 11: CVE-2014-3572: Vulnerability in OpenSSL
ELSA-2015-0800 Moderate: Oracle Linux openssl security update
HP-UX: CVE-2014-3572: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
USN-2459-1: OpenSSL vulnerabilities
OS X update for OpenSSL (CVE-2014-3572)

Vulnerability & Exploit Database

Oracle Linux: (CVE-2014-3572) (Multiple Advisories): openssl security update

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

Oracle Linux: (CVE-2014-3572) (Multiple Advisories): openssl security update

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: