Amazon Linux AMI: Security patch for openssl097a (ALAS-2014-351) (CVE-2014-0224)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | June 05, 2014 | September 26, 2014 | July 04, 2017 |
Description
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
References
- AMAZON-ALAS-2014-351
- CERT-VN-978508
- CVE-2014-0224
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0052625
- DISA_VMSKEY-V0052641
- DISA_VMSKEY-V0052893
- DISA_VMSKEY-V0052901
- DISA_VMSKEY-V0052907
- DISA_VMSKEY-V0052909
- DISA_VMSKEY-V0052911
- DISA_VMSKEY-V0053319
- DISA_VMSKEY-V0053501
- DISA_VMSKEY-V0053505
- DISA_VMSKEY-V0053507
- DISA_VMSKEY-V0060737
- IAVM-2014-A-0115
- IAVM-2014-B-0077
- IAVM-2014-B-0079
- IAVM-2014-B-0084
- IAVM-2014-B-0088
- IAVM-2014-B-0089
- IAVM-2014-B-0091
- IAVM-2014-B-0092
- IAVM-2014-B-0097
- IAVM-2014-B-0101
- IAVM-2014-B-0102
- IAVM-2015-A-0113
- REDHAT-RHSA-2014:0624
- REDHAT-RHSA-2014:0626
- REDHAT-RHSA-2014:0627
- REDHAT-RHSA-2014:0630
- REDHAT-RHSA-2014:0631
- REDHAT-RHSA-2014:0632
- REDHAT-RHSA-2014:0633
- REDHAT-RHSA-2014:0680
Solution
amazon-linux-upgrade-openssl097a
Related Vulnerabilities
- RHSA-2014:0679: openssl security update
- VMSA-2014-0006: OpenSSL update for multiple products. (CVE-2014-0224)
- ELSA-2014-1653 Moderate: Oracle Linux openssl security update
- ELSA-2014-0626 Important: Oracle Linux openssl097a and openssl098e security update
- Cisco NX-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (Multiple CVEs)
- Oracle Solaris 11: CVE-2014-0224: Vulnerability in OpenSSL, WAN Boot
- OS X update for OpenSSL (CVE-2014-0224)
- RHSA-2014:0627: openssl security update
- ELSA-2014-0679 Important: Oracle Linux openssl security update
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-14:14.openssl) (Multiple CVEs)
- Juniper Junos OS: SSL/TLS MITM vulnerability (JSA10629) (CVE-2014-0224)
- RHSA-2014:0625: openssl security update
- Sun Patch: SunOS 5.10: wanboot patch
- Alpine Linux: CVE-2014-0224: openssl multiple issues
- DSA-2950-1 openssl -- security update
- HP-UX: CVE-2014-0224: Remote Unauthorized Access or Disclosure of Information
- OS X update for Note: (CVE-2014-0224)
- RHSA-2014:0626: openssl097a and openssl098e security update
- Sun Patch: SunOS 5.10_x86: openssl patch
- VMware Workstation: OpenSSL update for multiple products (VMSA-2014-0006) (CVE-2014-0224)
- Gentoo Linux: CVE-2014-0224: OpenSSL: Multiple vulnerabilities
- Amazon Linux AMI: Security patch for openssl098e (ALAS-2014-350) (CVE-2014-0224)
- RHSA-2014:0629: rhev-hypervisor6 security update
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (Multiple CVEs)
- ELSA-2014-0625 Important: Oracle Linux openssl security update
- ELSA-2014-3040 Important: Oracle Linux openssl security update
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- ELSA-2014-1053 Moderate: Oracle Linux openssl security update
- IBM AIX: openssl_advisory9 (CVE-2014-0224): Vulnerabilities in OpenSSL affects AIX
- ELSA-2014-0624 Important: Oracle Linux openssl security update
- Sun Patch: SunOS 5.10: openssl patch
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-349) (multiple CVEs)
- VMware Fusion: OpenSSL update for multiple products (VMSA-2014-0006) (CVE-2014-0224)
- RHSA-2014:0624: openssl security update
- USN-2232-1: OpenSSL vulnerabilities
- ELSA-2014-0680 Important: Oracle Linux openssl098e security update
- RHSA-2014:0680: openssl098e security update
- OpenSSL SSL/TLS MITM vulnerability (CVE-2014-0224)
- VMware Player: OpenSSL update for multiple products (VMSA-2014-0006) (CVE-2014-0224)
- Cisco IOS: cisco-sa-20140605-openssl: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- Sun Patch: SunOS 5.9: wanboot and pkg utilities Patch