CVE-2014-0224


Severity : Medium
Published : 2014-06-05
Modified : 2015-04-14
Base Score : 6.8
Details : OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Product/Version : Pro 5.0  
Carrier Grade CGE 6.0  
Mobilinux 5.0.24  
MVL 5 Atom  
CGE 5.x  
Mobilinux 5.x  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Carrier Grade CGE 7.0  
 
 
 

CVE Vulnerabilities List CVE-2014

CVE-2014-0015 CVE-2014-0076 CVE-2014-0092 CVE-2014-0138
CVE-2014-0191 CVE-2014-0195 CVE-2014-0198 CVE-2014-0203
CVE-2014-0221 CVE-2014-0224 CVE-2014-0475 CVE-2014-1444
CVE-2014-1445 CVE-2014-1446 CVE-2014-1737 CVE-2014-1738
CVE-2014-1874 CVE-2014-2532 CVE-2014-3466 CVE-2014-3467
CVE-2014-3468 CVE-2014-3469 CVE-2014-3470 CVE-2014-3505
CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 CVE-2014-3537
CVE-2014-3565 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-4043 CVE-2014-4699 CVE-2014-4877 CVE-2014-5119
CVE-2014-6040 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278
CVE-2014-7169 CVE-2014-7185 CVE-2014-7186 CVE-2014-7187
CVE-2014-7817 CVE-2014-8121 CVE-2014-8176 CVE-2014-8275
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9297
CVE-2014-9298 CVE-2014-9447 CVE-2014-9529