Executive Summary

Information
Name: CVE-2014-3568
First vendor Publication: 2014-10-18
Vendor: Cve
Last vendor Modification: 2017-11-15

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:26548
Title: DSA-3053-1 openssl - security update
Description: Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
Family: unix Class: patch
Reference(s): DSA-3053-1
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openssl
Oval ID: oval:org.mitre.oval:def:27218
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description: OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3568
Version: 8
Platform(s): HP-UX 11
Product(s):
Oval ID: oval:org.mitre.oval:def:28044
Title: SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g (moderate)
Description: The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues:
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV (CVE-2014-3566)
* Information leak in pretty printing functions (CVE-2014-3508)
* OCSP bad key DoS attack (CVE-2013-0166)
* SSL/TLS CBC plaintext recovery attack (CVE-2013-0169)
* Anonymous ECDH denial of service (CVE-2014-3470)
* SSL/TLS MITM vulnerability (CVE-2014-0224)
Security Issues:
* CVE-2013-0166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>
* CVE-2013-0169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
* CVE-2014-0224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>
* CVE-2014-3470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>
* CVE-2014-3508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>
* CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1557-2
CVE-2013-0166
CVE-2013-0169
CVE-2014-0224
CVE-2014-3470
CVE-2014-3508
CVE-2014-3566
CVE-2014-3568
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): compat-openssl097g
Oval ID: oval:org.mitre.oval:def:28223
Title: SUSE-SU-2014:1386-1 -- Security update for OpenSSL (important)
Description: This OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>
* CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1386-1
CVE-2014-3513
CVE-2014-3567
CVE-2014-3566
CVE-2014-3568
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): OpenSSL
Oval ID: oval:org.mitre.oval:def:28380
Title: SUSE-SU-2014:1361-1 -- Security update for OpenSSL (important)
Description: This OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1361-1
CVE-2014-3567
CVE-2014-3566
CVE-2014-3568
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): OpenSSL
Oval ID: oval:org.mitre.oval:def:28457
Title: SUSE-SU-2014:1387-1 -- Security update for OpenSSL (important)
Description: This OpenSSL update fixes the following issues:
* Session Ticket Memory Leak (CVE-2014-3567)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
* Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
Security Issues:
* CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
* CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
* CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1387-1
CVE-2014-3567
CVE-2014-3566
CVE-2014-3568
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): OpenSSL

CPE : Common Platform Enumeration

Type Description Count
Application 287

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-02-05 IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5
Severity : Category I - VMSKEY : V0058513
2015-02-05 IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0058515
2015-02-05 IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0
Severity : Category I - VMSKEY : V0058517
2015-02-05 IAVM : 2015-A-0029 - Multiple Vulnerabilities in VMware Fusion
Severity : Category I - VMSKEY : V0058535
2015-01-22 IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity : Category I - VMSKEY : V0058213

Snort® IPS/IDS

Date Description
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Revision : 5 - Type : SERVER-OTHER
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Revision : 5 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2015-10-02 Name : The remote Mac OS X host has an application installed that is affected by mul...
File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1524-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1512-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1387-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_57.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_15.nasl - Type : ACT_GATHER_INFO
2015-02-05 Name : The remote host has a virtualization application installed that is affected b...
File : vmware_workstation_multiple_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-05 Name : The remote host contains a virtualization application that is affected by mul...
File : vmware_workstation_linux_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-05 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_multiple_vmsa_2015-0001.nasl - Type : ACT_GATHER_INFO
2015-02-05 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_linux_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-05 Name : The remote host contains a virtualization application that is affected by mul...
File : macosx_fusion_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_1749766_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1743201_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : A clustered file system on the remote host is affected by multiple vulnerabil...
File : ibm_gpfs_isg3T1021546_windows.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20141104.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-469.nasl - Type : ACT_GATHER_INFO
2015-01-07 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-39.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-671.nasl - Type : ACT_GATHER_INFO
2014-11-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-141024.nasl - Type : ACT_GATHER_INFO
2014-10-30 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-605.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_06.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0o.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8zc.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3053.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-288-01.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-427.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
BID http://www.securityfocus.com/bid/70585
CONFIRM http://support.apple.com/HT204244
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://support.apple.com/HT205217
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20141015.txt
DEBIAN http://www.debian.org/security/2014/dsa-3053
GENTOO http://security.gentoo.org/glsa/glsa-201412-39.xml
HP http://marc.info/?l=bugtraq&m=141477196830952&w=2
http://marc.info/?l=bugtraq&m=142103967620673&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=142804214608580&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
NETBSD ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
SECTRACK http://www.securitytracker.com/id/1031053
SECUNIA http://secunia.com/advisories/59627
http://secunia.com/advisories/61058
http://secunia.com/advisories/61073
http://secunia.com/advisories/61130
http://secunia.com/advisories/61207
http://secunia.com/advisories/61819
http://secunia.com/advisories/61959
http://secunia.com/advisories/62030
http://secunia.com/advisories/62070
http://secunia.com/advisories/62124
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/97037

Alert History

Date Information
2020-05-23 01:52:11
  • Multiple Updates
2020-05-23 00:41:06
  • Multiple Updates
2018-08-10 12:04:25
  • Multiple Updates
2017-11-15 09:23:51
  • Multiple Updates
2017-08-29 09:24:35
  • Multiple Updates
2017-01-03 09:22:53
  • Multiple Updates
2016-12-03 09:23:57
  • Multiple Updates
2016-08-23 09:24:51
  • Multiple Updates
2016-08-20 09:22:29
  • Multiple Updates
2016-08-17 09:23:49
  • Multiple Updates
2016-04-27 00:52:19
  • Multiple Updates
2016-03-30 13:26:11
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2015-10-18 17:22:36
  • Multiple Updates
2015-10-03 13:24:08
  • Multiple Updates
2015-09-19 09:22:18
  • Multiple Updates
2015-05-21 13:31:21
  • Multiple Updates
2015-04-10 09:26:21
  • Multiple Updates
2015-04-07 09:26:56
  • Multiple Updates
2015-03-31 13:28:32
  • Multiple Updates
2015-03-27 13:28:12
  • Multiple Updates
2015-03-27 09:26:43
  • Multiple Updates
2015-03-18 09:26:51
  • Multiple Updates
2015-03-17 09:25:59
  • Multiple Updates
2015-03-06 13:25:48
  • Multiple Updates
2015-02-27 21:23:33
  • Multiple Updates
2015-02-21 09:23:26
  • Multiple Updates
2015-02-04 13:24:29
  • Multiple Updates
2015-01-31 09:21:25
  • Multiple Updates
2015-01-30 13:24:16
  • Multiple Updates
2015-01-22 13:24:57
  • Multiple Updates
2015-01-21 13:26:55
  • Multiple Updates
2015-01-14 13:23:28
  • Multiple Updates
2014-12-27 13:25:05
  • Multiple Updates
2014-12-06 13:27:01
  • Multiple Updates
2014-11-19 21:23:17
  • Multiple Updates
2014-11-19 09:23:42
  • Multiple Updates
2014-11-18 13:26:06
  • Multiple Updates
2014-11-14 13:28:02
  • Multiple Updates
2014-11-14 00:21:35
  • Multiple Updates
2014-11-13 21:24:38
  • Multiple Updates
2014-11-07 13:26:24
  • Multiple Updates
2014-11-05 13:28:36
  • Multiple Updates
2014-10-31 13:24:33
  • Multiple Updates
2014-10-31 13:23:57
  • Multiple Updates
2014-10-23 21:23:09
  • Multiple Updates
2014-10-22 17:22:23
  • Multiple Updates
2014-10-21 13:26:03
  • Multiple Updates
2014-10-19 09:22:21
  • First insertion