OpenSSL Vulnerability - CVE-2014-0224 - Red Hat Customer Portal

Comments

Good afternoon

We have been using a scanning tool (Nessus Vulnerability Scanner) to identify security vulnerabilities. It has identified two systems which were being flagged with respect to CVE-2014-0224: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability' and, after the most recent errata was applied, one of the two servers is no longer being flagged with this vulnerability.

Both systems have the same version of OpenSSL (0.9.8e-27). Not sure why one of them is still being flagged and the other is not. According to the openssl.org site, 0.9.8za is the version that remediates this and they indicate that 0.9.8e is affected.

At this point, I'm unsure how to proceed and how to remediate this issue on the remaining server.

Any ideas? Thanks!!

Started 2014-08-06T22:02:48+00:00 by

Dan Carrington

Pro 583 points

Select Your Language

OpenSSL Vulnerability - CVE-2014-0224

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links