Vulnerability & Exploit Database

Back to search

RHSA-2014:0624: openssl security update

Severity CVSS Published Added Modified
7 (AV:N/AC:M/Au:N/C:P/I:P/A:P) June 05, 2014 June 05, 2014 July 04, 2017

Available Exploits 


OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)and Transport Layer Security (TLS v1) protocols, as well as afull-strength, general purpose cryptography library.It was found that OpenSSL clients and servers could be forced, via aspecially crafted handshake packet, to use weak keying material forcommunication. A man-in-the-middle attacker could use this flaw to decryptand modify traffic between a client and a server. (CVE-2014-0224)Note: In order to exploit this flaw, both the server and the client must beusing a vulnerable version of OpenSSL; the server must be using OpenSSLversion 1.0.1 and above, and the client must be using any version ofOpenSSL. For more information about this flaw, refer to: Hat would like to thank the OpenSSL project for reporting this issue.Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporterof this issue.All OpenSSL users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. For the update to takeeffect, all services linked to the OpenSSL library (such as httpd and otherSSL-enabled services) must be restarted or the system rebooted.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial




Related Vulnerabilities