Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2014-3566

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

Source

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

Find out more about CVE-2014-3566 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1.

This issue affects the version of nss as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Additional information can be found in the Red Hat Knowledgebase article:
https://access.redhat.com/articles/1232123

CVSS v2 metrics

Base Score	5
Base Metrics	AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat Satellite Capsule 6.0	RHBA-2014:1857	2014-11-13
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm)	RHSA-2015:0264	2015-02-24
Red Hat Satellite 6.0	RHBA-2014:1857	2014-11-13
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle)	RHSA-2015:0079	2015-01-22
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle)	RHSA-2015:0079	2015-01-22
Red Hat JBoss Web Server 2.1	RHSA-2014:1920	2014-12-01
Red Hat JBoss Web Platform 5.2	RHSA-2015:0011	2015-01-05
Red Hat JBoss Enterprise Application Platform 6.3	RHSA-2015:0012	2015-01-05
Red Hat Satellite Capsule 6.0	RHBA-2014:1857	2014-11-13
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle)	RHSA-2015:0080	2015-01-22
RHOSE Client 2.0 (openshift-origin-node-proxy)	RHSA-2015:1546	2015-08-04
RHOSE Client 2.0 (openshift-origin-node-proxy)	RHSA-2015:1545	2015-08-04
Red Hat Satellite 6.0	RHBA-2014:1857	2014-11-13
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun)	RHSA-2015:0086	2015-01-26
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm)	RHSA-2014:1880	2014-11-20
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm)	RHSA-2014:1881	2014-11-20
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm)	RHSA-2014:1882	2014-11-20
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm)	RHSA-2015:0264	2015-02-24
Red Hat JBoss Enterprise Application Platform 5.2	RHSA-2015:0010	2015-01-05
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk)	RHSA-2015:0085	2015-01-26
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm)	RHSA-2014:1880	2014-11-20
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk)	RHSA-2015:0067	2015-01-21
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk)	RHSA-2015:0068	2015-01-20
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun)	RHSA-2015:0086	2015-01-26
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk)	RHSA-2015:0069	2015-01-21
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm)	RHSA-2014:1876	2014-11-19
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm)	RHSA-2014:1877	2014-11-19
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk)	RHSA-2015:0067	2015-01-21
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle)	RHSA-2015:0079	2015-01-22
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk)	RHSA-2015:0085	2015-01-26
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm)	RHSA-2014:1877	2014-11-19
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk)	RHSA-2015:0085	2015-01-26
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm)	RHSA-2014:1881	2014-11-20
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun)	RHSA-2015:0086	2015-01-26

Affected Packages State

Platform	Package	State
Red Hat OpenStack Platform 9.0	puppet	Will not fix
Red Hat OpenStack Platform 8.0 (Liberty)	puppet	Will not fix
Red Hat OpenShift Enterprise 2	jenkins	Affected
Red Hat OpenShift Enterprise 1	jenkins	Will not fix
Red Hat JBoss EWS 1	openssl	Will not fix
Red Hat Gluster Storage 2.1	openssl	Affected
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	puppet	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	puppet	Will not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)	puppet	Will not fix
Red Hat Enterprise Linux 7	openssl098e	Affected
Red Hat Enterprise Linux 7	nss	Affected
Red Hat Enterprise Linux 7	openssl	Affected
Red Hat Enterprise Linux 7	gnutls	Under investigation
Red Hat Enterprise Linux 6	openssl	Affected
Red Hat Enterprise Linux 6	gnutls	Under investigation
Red Hat Enterprise Linux 6	nss	Affected
Red Hat Enterprise Linux 5	openssl097a	Affected
Red Hat Enterprise Linux 5	openssl	Affected
Red Hat Enterprise Linux 5	gnutls	Under investigation
Red Hat Enterprise Linux 5	nss	Affected
RHEV Manager 3	mingw-virt-viewer	Affected
OpenStack 6 Installer for RHEL 7	puppet	Will not fix

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3566

Statement

CVSS v2 metrics

Red Hat Security Errata

Affected Packages State

Vulmon Search

About

Products

Connect