Executive Summary

Information
Name: CVE-2014-3572
First vendor Publication: 2015-01-08
Vendor: Cve
Last vendor Modification: 2017-11-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572

CWE : Common Weakness Enumeration

%: 100 %
Id: CWE-310
Name: Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28606
 
Oval ID: oval:org.mitre.oval:def:28606
Title: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.
Description: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
Family: unix
Class: vulnerability
Reference(s): CVE-2014-3572
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Count: 185

Nessus® Vulnerability Scanner

Date / Description
2016-06-23 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0086.nasl - Type : ACT_GATHER_INFO
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0071.nasl - Type : ACT_GATHER_INFO
2016-03-29 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2015-09-04 Name : The remote Windows host has an application installed that is affected by mult...
File : hp_version_control_repo_manager_7_5_0_0.nasl - Type : ACT_GATHER_INFO
2015-09-04 Name : The remote Linux host has an application installed that is affected by multip...
File : hp_version_control_repo_manager_7_5_0_nix.nasl - Type : ACT_GATHER_INFO
2015-07-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-507.nasl - Type : ACT_GATHER_INFO
2015-07-22 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-06-09 Name : The remote Windows host has VPN client software installed that is affected by...
File : smb_kb3062760.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0946-1.nasl - Type : ACT_GATHER_INFO
2015-05-19 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150310-ssl-nxos.nasl - Type : ACT_GATHER_INFO
2015-05-19 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_60.nasl - Type : ACT_GATHER_INFO
2015-05-19 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_21.nasl - Type : ACT_GATHER_INFO
2015-05-15 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_44.nasl - Type : ACT_GATHER_INFO
2015-04-21 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10679.nasl - Type : ACT_GATHER_INFO
2015-04-21 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10679.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote host is affected by multiple vulnerabilities.
File : cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-132.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote host is affected by multiple vulnerabilities.
File : macosx_cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0030.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_622.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_firewall_enterprise_SB10102.nasl - Type : ACT_GATHER_INFO
2015-03-10 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0029.nasl - Type : ACT_GATHER_INFO
2015-02-18 Name : The remote AIX host has a version of OpenSSL installed that is affected by mu...
File : aix_openssl_advisory12.nasl - Type : ACT_GATHER_INFO
2015-02-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16126.nasl - Type : ACT_GATHER_INFO
2015-01-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-67.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0005.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0066.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0066.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0066.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2459-1.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-469.nasl - Type : ACT_GATHER_INFO
2015-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3125.nasl - Type : ACT_GATHER_INFO
2015-01-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-019.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4e536c14979111e4977dd050992ecde8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source / Url
APPLE http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BID http://www.securityfocus.com/bid/71942
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://bto.bluecoat.com/security-advisory/sa88
https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b213...
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20150108.txt
DEBIAN http://www.debian.org/security/2015/dsa-3125
HP http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0066.html
SECTRACK http://www.securitytracker.com/id/1033378
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

Alert History

Date / Information
2018-08-10 12:04:25
  • Multiple Updates
2017-11-15 09:23:51
  • Multiple Updates
2017-10-20 09:22:59
  • Multiple Updates
2017-01-03 09:22:53
  • Multiple Updates
2016-12-24 09:24:02
  • Multiple Updates
2016-12-22 09:23:39
  • Multiple Updates
2016-12-08 09:23:31
  • Multiple Updates
2016-12-03 09:23:57
  • Multiple Updates
2016-10-26 09:22:42
  • Multiple Updates
2016-10-14 13:25:02
  • Multiple Updates
2016-08-23 09:24:51
  • Multiple Updates
2016-08-11 13:26:57
  • Multiple Updates
2016-07-22 12:02:53
  • Multiple Updates
2016-06-24 13:26:47
  • Multiple Updates
2016-06-23 13:29:27
  • Multiple Updates
2016-05-25 13:24:40
  • Multiple Updates
2016-05-18 13:27:58
  • Multiple Updates
2016-05-17 13:29:40
  • Multiple Updates
2016-05-14 13:29:01
  • Multiple Updates
2016-05-13 13:29:29
  • Multiple Updates
2016-05-12 13:28:10
  • Multiple Updates
2016-05-10 13:30:38
  • Multiple Updates
2016-05-07 13:29:47
  • Multiple Updates
2016-05-06 13:32:23
  • Multiple Updates
2016-05-05 13:30:52
  • Multiple Updates
2016-04-27 00:52:23
  • Multiple Updates
2016-04-16 13:27:08
  • Multiple Updates
2016-04-10 13:27:54
  • Multiple Updates
2016-03-30 13:26:11
  • Multiple Updates
2016-03-27 13:26:56
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2016-02-27 13:27:00
  • Multiple Updates
2015-12-24 13:25:53
  • Multiple Updates
2015-12-05 13:26:34
  • Multiple Updates
2015-10-23 09:23:01
  • Multiple Updates
2015-09-05 13:31:52
  • Multiple Updates
2015-07-28 13:32:12
  • Multiple Updates
2015-07-24 13:29:07
  • Multiple Updates
2015-07-17 09:19:28
  • Multiple Updates
2015-07-02 13:28:44
  • Multiple Updates
2015-06-10 13:27:35
  • Multiple Updates
2015-06-04 09:26:54
  • Multiple Updates
2015-05-28 13:27:49
  • Multiple Updates
2015-05-20 13:29:02
  • Multiple Updates
2015-05-16 13:27:36
  • Multiple Updates
2015-04-22 13:28:43
  • Multiple Updates
2015-04-17 09:27:26
  • Multiple Updates
2015-04-15 13:28:15
  • Multiple Updates
2015-04-14 09:27:27
  • Multiple Updates
2015-04-11 13:28:44
  • Multiple Updates
2015-04-01 09:26:29
  • Multiple Updates
2015-03-31 13:28:32
  • Multiple Updates
2015-03-27 13:28:13
  • Multiple Updates
2015-03-27 09:26:45
  • Multiple Updates
2015-03-19 13:28:05
  • Multiple Updates
2015-03-17 09:26:01
  • Multiple Updates
2015-03-14 13:25:26
  • Multiple Updates
2015-03-13 09:22:53
  • Multiple Updates
2015-03-12 09:23:19
  • Multiple Updates
2015-03-11 13:24:54
  • Multiple Updates
2015-02-27 21:23:35
  • Multiple Updates
2015-02-21 09:23:28
  • Multiple Updates
2015-02-19 13:24:46
  • Multiple Updates
2015-02-03 13:24:12
  • Multiple Updates
2015-01-27 13:23:32
  • Multiple Updates
2015-01-24 13:23:36
  • Multiple Updates
2015-01-23 13:24:39
  • Multiple Updates
2015-01-22 13:24:58
  • Multiple Updates
2015-01-18 13:25:02
  • Multiple Updates
2015-01-17 05:27:46
  • Multiple Updates
2015-01-14 13:23:29
  • Multiple Updates
2015-01-13 13:23:40
  • Multiple Updates
2015-01-10 13:23:19
  • Multiple Updates
2015-01-09 21:22:55
  • Multiple Updates
2015-01-09 09:24:40
  • First insertion