CVE-2014-0224

Impact:: Important
Public Date:: 2014-06-05
IAVA:: 2014-B-0077, 2014-B-0084, 2014-B-0088, 2014-B-0089, 2014-B-0091, 2014-B-0097, 2014-B-0101, 2014-B-0102, 2015-A-0113
CWE:: CWE-841

Bugzilla:: 1103586: CVE-2014-0224 openssl: SSL/TLS MITM vulnerability

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

Find out more about CVE-2014-0224 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score	5.8
Base Metrics	AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat Enterprise Linux 5 (openssl)	RHSA-2014:0624	2014-06-05
Red Hat Enterprise Linux 5 (openssl097a)	RHSA-2014:0626	2014-06-05
Red Hat Enterprise Linux Advanced Update Support 6.2 (openssl)	RHSA-2014:0627	2014-06-05
Red Hat Enterprise Linux Long Life (v. 5.6 server) (openssl)	RHSA-2014:0627	2014-06-05
Red Hat Enterprise Linux Extended Update Support 6.3 (openssl)	RHSA-2014:0627	2014-06-05
Red Hat Enterprise Linux 6 (openssl)	RHSA-2014:0625	2014-06-05
Red Hat JBoss Enterprise Application Platform 5.2	RHSA-2014:0630	2014-06-05
Red Hat Enterprise Linux 6 (openssl098e)	RHSA-2014:0626	2014-06-05
Red Hat Enterprise Linux Extended Lifecycle Support 4 (openssl)	RHSA-2014:0627	2014-06-05
Red Hat Enterprise Linux EUS (v. 5.9 server) (openssl)	RHSA-2014:0627	2014-06-05
Red Hat Enterprise Linux 7 (openssl)	RHSA-2014:0679	2014-06-10
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6)	RHSA-2014:0629	2014-06-05
Red Hat Storage Server 2.1 (openssl)	RHSA-2014:0628	2014-06-05
Red Hat Enterprise Linux 7 (openssl098e)	RHSA-2014:0680	2014-06-10
Red Hat JBoss Enterprise Application Platform 6.2	RHSA-2014:0631	2014-06-05
Red Hat Enterprise Linux Extended Update Support 6.4 (openssl)	RHSA-2014:0627	2014-06-05
Red Hat JBoss Web Platform 5.2	RHSA-2014:0633	2014-06-05
Red Hat JBoss Web Server 2.0	RHSA-2014:0632	2014-06-05

Affected Packages State

Platform	Package	State
Red Hat JBoss EWS 1	openssl	Will not fix
Red Hat Enterprise Linux 6	guest-images	Not affected
RHEV Manager 3	rhev-hypervisor	Affected
RHEV Manager 3	mingw-virt-viewer	Not affected

Acknowledgements

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.

External References

Last Modified 2018-05-22T19:06:46+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories