Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-4630
Last Modified: 18 Feb 2015 09:59:27
Published: 30 Dec 2014 10:59:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-4630

Summary

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

Vulnerable Systems

Application

  • EMC RSA BSAFE 4.0.0

  • EMC RSA BSAFE 4.0.1

  • EMC RSA BSAFE 4.0.2

  • EMC RSA BSAFE 4.0.3

  • EMC RSA BSAFE 4.0.4

  • EMC RSA BSAFE 4.0.5

  • EMC RSA BSAFE SSL-J 6.1.2


References

MISC - https://secure-resumption.com/

BUGTRAQ - 20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability

BID - 72534


Last Updated: 27 May 2016 11:07:22