CVE-2014-4630 - Vulnerability Details - OpenCVE

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Bsafe Micro-edition-suite Bsafe Ssl-j

Configuration 1 [-]

OR	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html
http://www.securityfocus.com/bid/72534
https://secure-resumption.com/

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2014-12-30T15:00:00

Updated: 2024-08-06T11:20:26.999Z

Reserved: 2014-06-24T00:00:00

Link: CVE-2014-4630

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-12-30T15:59:00.063

Modified: 2024-11-21T02:10:36.370

Link: CVE-2014-4630

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-30T00:00:00", "descriptions": [{"lang": "en", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-02-16T15:57:00", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"}, {"name": "72534", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72534"}, {"tags": ["x_refsource_MISC"], "url": "https://secure-resumption.com/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-4630", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"}, {"name": "72534", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72534"}, {"name": "https://secure-resumption.com/", "refsource": "MISC", "url": "https://secure-resumption.com/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:26.999Z"}, "title": "CVE Program Container", "references": [{"name": "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"}, {"name": "72534", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72534"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://secure-resumption.com/"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-4630", "datePublished": "2014-12-30T15:00:00", "dateReserved": "2014-06-24T00:00:00", "dateUpdated": "2024-08-06T11:20:26.999Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9070318E-1AB0-4EC9-8192-D7E2BCF1B4BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BAAD58D-7B35-4C0C-8800-DF8B78999A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F608E0D4-F71E-4F84-9170-7BE65F415B84", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8CA858A4-7617-4930-9D47-0B334E5A64B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FE2BD4F-AF53-4BFF-A652-FB9D181036CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A0A8C0D1-7201-48FC-8F72-1D138EDBDCD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCFB0541-6B9F-4C15-886E-45831E5C680E", "versionEndIncluding": "6.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""}, {"lang": "es", "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.6 y RSA BSAFE SSL-J anterior a 6.1.4 no asegura que el certificado de servidor X.509 sea el mismo durante la renegociaci\u00f3n como lo era antes de ella, lo que permite ataques 'man-in-the-middle' para obtener informaci\u00f3n sensible o modificar datos de la sesi\u00f3n TLS a trav\u00e9s de 'ataque de triple negociaci\u00f3n'"}], "id": "CVE-2014-4630", "lastModified": "2024-11-21T02:10:36.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-12-30T15:59:00.063", "references": [{"source": "security_alert@emc.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72534"}, {"source": "security_alert@emc.com", "tags": ["Technical Description"], "url": "https://secure-resumption.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72534"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://secure-resumption.com/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}