5 - CVE-2014-3569

Executive Summary

Informations
Name	CVE-2014-3569	First vendor Publication	2014-12-24
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28535

Oval ID:	oval:org.mitre.oval:def:28535
Title:	Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Description:	The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3569	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03244 HP-UX B.11.23 AND filesets tests openssl.OPENSSL-PVT version is less than A.00.09.08ze.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08ze.002 AND openssl.OPENSSL-CER version is less than A.00.09.08ze.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08ze.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08ze.002 AND openssl.OPENSSL-INC version is less than A.00.09.08ze.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08ze.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08ze.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08ze.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08ze.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08ze.002 OR Criteria meets HP Security Bulletin HPSBUX03244 HP-UX B.11.11 AND filesets tests openssl.OPENSSL-PVT version is less than A.00.09.08ze.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08ze.001 AND openssl.OPENSSL-CER version is less than A.00.09.08ze.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08ze.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08ze.001 AND openssl.OPENSSL-INC version is less than A.00.09.08ze.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08ze.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08ze.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08ze.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08ze.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08ze.001 OR Criteria meets HP Security Bulletin HPSBUX03244 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-PVT version is less than A.00.09.08ze.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08ze.003 AND openssl.OPENSSL-CER version is less than A.00.09.08ze.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08ze.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08ze.003 AND openssl.OPENSSL-INC version is less than A.00.09.08ze.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08ze.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08ze.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08ze.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08ze.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08ze.003

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1j:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-09-03	IAVM : 2015-B-0106 - Multiple Vulnerabilities in HP Version Control Repository Manager Severity : Category I - VMSKEY : V0061359

Nessus® Vulnerability Scanner

Date	Description
2016-03-29	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2015-09-04	Name : The remote Linux host has an application installed that is affected by multip... File : hp_version_control_repo_manager_7_5_0_nix.nasl - Type : ACT_GATHER_INFO
2015-09-04	Name : The remote Windows host has an application installed that is affected by mult... File : hp_version_control_repo_manager_7_5_0_0.nasl - Type : ACT_GATHER_INFO
2015-08-03	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO
2015-07-22	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-05-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0946-1.nasl - Type : ACT_GATHER_INFO
2015-05-19	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_21.nasl - Type : ACT_GATHER_INFO
2015-05-19	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_60.nasl - Type : ACT_GATHER_INFO
2015-05-19	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150310-ssl-nxos.nasl - Type : ACT_GATHER_INFO
2015-05-15	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_44.nasl - Type : ACT_GATHER_INFO
2015-04-21	Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10679.nasl - Type : ACT_GATHER_INFO
2015-04-21	Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10679.nasl - Type : ACT_GATHER_INFO
2015-04-15	Name : The remote database server is affected by multiple denial of service vulnerab... File : mysql_5_6_23.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote host is affected by multiple vulnerabilities. File : macosx_cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote host is affected by multiple vulnerabilities. File : cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO
2015-03-13	Name : The remote host is affected by multiple vulnerabilities. File : mcafee_firewall_enterprise_SB10102.nasl - Type : ACT_GATHER_INFO
2015-01-26	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-67.nasl - Type : ACT_GATHER_INFO
2015-01-16	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1k.nasl - Type : ACT_GATHER_INFO
2015-01-16	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0p.nasl - Type : ACT_GATHER_INFO
2015-01-16	Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8zd.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-469.nasl - Type : ACT_GATHER_INFO
2015-01-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-019.nasl - Type : ACT_GATHER_INFO
2015-01-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3125.nasl - Type : ACT_GATHER_INFO
2015-01-12	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-009-01.nasl - Type : ACT_GATHER_INFO
2015-01-09	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4e536c14979111e4977dd050992ecde8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:40:56	Multiple Updates
2023-11-07 21:45:07	Multiple Updates
2021-05-04 12:32:28	Multiple Updates
2021-04-22 01:39:26	Multiple Updates
2020-05-23 00:41:06	Multiple Updates
2017-11-15 09:23:51	Multiple Updates
2017-10-20 09:22:59	Multiple Updates
2017-01-03 09:22:53	Multiple Updates
2016-12-22 09:23:39	Multiple Updates
2016-12-08 09:23:31	Multiple Updates
2016-12-03 09:23:57	Multiple Updates
2016-10-26 09:22:42	Multiple Updates
2016-08-23 09:24:51	Multiple Updates
2016-08-20 09:22:29	Multiple Updates
2016-08-17 09:23:49	Multiple Updates
2016-07-22 12:02:53	Multiple Updates
2016-07-21 12:05:01	Multiple Updates
2016-03-30 13:26:11	Multiple Updates
2016-03-05 13:26:42	Multiple Updates
2015-10-23 09:22:58	Multiple Updates
2015-10-18 17:22:36	Multiple Updates
2015-09-05 13:31:52	Multiple Updates
2015-07-24 13:29:06	Multiple Updates
2015-07-17 09:19:26	Multiple Updates
2015-06-04 09:26:52	Multiple Updates
2015-05-28 13:27:49	Multiple Updates
2015-05-20 13:29:01	Multiple Updates
2015-05-16 13:27:36	Multiple Updates
2015-04-22 13:28:43	Multiple Updates
2015-04-17 09:27:24	Multiple Updates
2015-04-16 13:28:21	Multiple Updates
2015-04-14 09:27:25	Multiple Updates
2015-04-11 13:28:43	Multiple Updates
2015-04-01 09:26:27	Multiple Updates
2015-03-31 13:28:32	Multiple Updates
2015-03-27 13:28:13	Multiple Updates
2015-03-27 09:26:44	Multiple Updates
2015-03-14 13:25:26	Multiple Updates
2015-03-13 09:22:52	Multiple Updates
2015-03-12 09:23:18	Multiple Updates
2015-03-10 09:23:35	Multiple Updates
2015-02-21 09:23:27	Multiple Updates
2015-01-27 13:23:31	Multiple Updates
2015-01-18 13:25:02	Multiple Updates
2015-01-14 13:23:28	Multiple Updates
2015-01-13 13:23:39	Multiple Updates
2015-01-10 13:23:19	Multiple Updates
2015-01-10 09:21:43	Multiple Updates
2014-12-24 21:23:44	Multiple Updates
2014-12-24 17:22:33	First insertion

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	1
Sources(s)	41
IAVM(s)	1
Nessus® Exploit(s)	30

	Related
7.1	MDVSA-2015:062
5	MDVSA-2015:019
5	HPSBUX03244 SSR...
5	HPSBUX03162 SSR...
5	DSA-3125
5	cisco-sa-201503...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

5 - CVE-2014-3569

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU