Oracle Linux: (CVE-2014-3572) (Multiple Advisories): openssl security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | January 08, 2015 | March 22, 2016 | January 22, 2018 |
Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
References
Solution
oracle-linux-upgrade-openssl
Related Vulnerabilities
- ELSA-2015-1197 Moderate: Oracle Linux openssl security update
- OS X update for Admin Framework (CVE-2014-3572)
- DSA-3125-1 openssl -- security update
- Cent OS: CVE-2014-3572: CESA-2015:0066 (openssl)
- IBM AIX: openssl_advisory12 (CVE-2014-3572): Vulnerabilities in OpenSSL affects AIX
- RHSA-2015:0066: openssl security update
- HP Systems Insight Manager - HPSBMU03394 (CVE-2014-3572): Linux and Windows, Multiple Vulnerabilities
- Juniper Junos OS: 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory (JSA10679) (multiple CVEs)
- SUSE: CVE-2014-3572: SUSE Linux Security Advisory
- Amazon Linux AMI: Security patch for openssl (ALAS-2015-469) (multiple CVEs)
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-15:01.openssl) (Multiple CVEs)
- Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (Multiple CVEs)
- F5 Networks: K16126 (CVE-2014-3572): OpenSSL vulnerability CVE-2014-3572
- ELSA-2015-2616 Moderate: Oracle Linux openssl security update
- ELSA-2015-3010 Important: Oracle Linux openssl security update
- ELSA-2015-0066 Moderate: Oracle Linux openssl security update
- HP System Management Homepage - (Multiple Advisories) (CVE-2014-3572): Windows 2003, Multiple Vulnerabilities
- Alpine Linux: CVE-2014-3572: openssl Security Advisory [08 Jan 2015]
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (Multiple CVEs)
- OpenSSL ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
- Oracle Solaris 11: CVE-2014-3572: Vulnerability in OpenSSL
- ELSA-2015-0800 Moderate: Oracle Linux openssl security update
- HP-UX: CVE-2014-3572: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.
- USN-2459-1: OpenSSL vulnerabilities
- OS X update for OpenSSL (CVE-2014-3572)