CVE-2014-0224

Impact:
Important
Public Date:
2014-06-05
IAVA:
2014-B-0077, 2014-B-0084, 2014-B-0088, 2014-B-0089, 2014-B-0091, 2014-B-0097, 2014-B-0101, 2014-B-0102, 2015-A-0113
CWE:
CWE-841
Bugzilla:
1103586: CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

Find out more about CVE-2014-0224 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 5.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (openssl) RHSA-2014:0624 2014-06-05
Red Hat Enterprise Linux 5 (openssl097a) RHSA-2014:0626 2014-06-05
Red Hat Enterprise Linux Advanced Update Support 6.2 (openssl) RHSA-2014:0627 2014-06-05
Red Hat Enterprise Linux Long Life (v. 5.6 server) (openssl) RHSA-2014:0627 2014-06-05
Red Hat Enterprise Linux Extended Update Support 6.3 (openssl) RHSA-2014:0627 2014-06-05
Red Hat Enterprise Linux 6 (openssl) RHSA-2014:0625 2014-06-05
Red Hat JBoss Enterprise Application Platform 5.2 RHSA-2014:0630 2014-06-05
Red Hat Enterprise Linux 6 (openssl098e) RHSA-2014:0626 2014-06-05
Red Hat Enterprise Linux Extended Lifecycle Support 4 (openssl) RHSA-2014:0627 2014-06-05
Red Hat Enterprise Linux EUS (v. 5.9 server) (openssl) RHSA-2014:0627 2014-06-05
Red Hat Enterprise Linux 7 (openssl) RHSA-2014:0679 2014-06-10
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) RHSA-2014:0629 2014-06-05
Red Hat Storage Server 2.1 (openssl) RHSA-2014:0628 2014-06-05
Red Hat Enterprise Linux 7 (openssl098e) RHSA-2014:0680 2014-06-10
Red Hat JBoss Enterprise Application Platform 6.2 RHSA-2014:0631 2014-06-05
Red Hat Enterprise Linux Extended Update Support 6.4 (openssl) RHSA-2014:0627 2014-06-05
Red Hat JBoss Web Platform 5.2 RHSA-2014:0633 2014-06-05
Red Hat JBoss Web Server 2.0 RHSA-2014:0632 2014-06-05

Affected Packages State

Platform Package State
Red Hat JBoss EWS 1 openssl Will not fix
Red Hat Enterprise Linux 6 guest-images Not affected
RHEV-M for Servers rhev-hypervisor Affected
RHEV-M for Servers mingw-virt-viewer Not affected

Acknowledgements

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.
