OpenSSL CCS Injection Detector

About

This tool checks to determine if the version of OpenSSL used by services running on a RHEL system is patched for the OpenSSL CCS Injection vulnerability (CVE-2014-0224).

Can this app false positive?

Yes -- OpenSSL server versions pre 1.0.1 may fail the vulnerability test even though they can not be exploited (clients pre 1.0.1 are still vulnerable, but this tool does not scan clients). This application checks to make sure that the patch for CVE-2014-0224 was properly applied regardless of whether the OpenSSL lib was vulnerable in the first place.

Discussion

OpenSSL CCS Injection Vulnerability (CVE-2014-0224) Alert

Announcement

OpenSSL CCS Injection Security Alert (CVE-2014-0224)

Solutions

Articles

OpenSSL CCS Injection Vulnerability (CVE-2014-0224) Alert

Go to Application

Was this helpful?

We appreciate your feedback. Leave a comment if you would like to provide more detail.

It looks like we have some work to do. Leave a comment to let us know how we could improve.

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

About

Can this app false positive?

Discussion

Announcement

Solutions

Articles

Was this helpful?

Get notified when this content is updated

About

Can this app false positive?

Discussion

Announcement

Solutions

Articles

Was this helpful?

Get notified when this content is updated

Share