It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication.
Find out more about CVE-2014-6457 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 4 |
---|---|
Base Metrics | AV:N/AC:H/Au:N/C:P/I:P/A:N |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2014:1620 | 2014-10-15 |
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2014:1877 | 2014-11-19 |
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2014:1880 | 2014-11-20 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2014:1620 | 2014-10-15 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2014:1880 | 2014-11-20 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2014:1881 | 2014-11-20 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2014:1882 | 2014-11-20 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2014:1634 | 2014-10-15 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2014:1636 | 2014-10-15 |
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2014:1876 | 2014-11-19 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) | RHSA-2014:1657 | 2014-10-16 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) | RHSA-2014:1658 | 2014-10-16 |
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2014:1633 | 2014-10-14 |
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2014:1634 | 2014-10-15 |
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk) | RHSA-2014:1634 | 2014-10-15 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2014:1657 | 2014-10-16 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2014:1658 | 2014-10-16 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2014:1657 | 2014-10-16 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2014:1658 | 2014-10-16 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2014:1877 | 2014-11-19 |
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2014:1881 | 2014-11-20 |