Vulnerabilites related to emc - rsa_bsafe_ssl-j
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | 5.1.2 | |
| dell | bsafe_ssl-j | 6.0 | |
| emc | rsa_bsafe_ssl-j | 5.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.1 | |
| emc | rsa_bsafe_ssl-j | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."
},
{
"lang": "es",
"value": "Las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 facilitan a atacantes remotos evadir mecanismos de protecci\u00f3n criptogr\u00e1fica mediante el aprovechamiento del procesamiento de datos de la aplicaci\u00f3n durante el handshake de TLS, en el momento cuando los datos no est\u00e1n cifrados ni autenticados."
}
],
"id": "CVE-2014-0626",
"lastModified": "2024-11-21T02:02:31.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-18T00:55:05.173",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | 5.1.2 | |
| dell | bsafe_ssl-j | 6.0 | |
| emc | rsa_bsafe_ssl-j | 5.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.1 | |
| emc | rsa_bsafe_ssl-j | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state."
},
{
"lang": "es",
"value": "La implementaci\u00f3n API SSLEngine en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos provocar la selecci\u00f3n de una suite de cifrado d\u00e9bil mediante el uso del m\u00e9todo Wrap durante cierto estado del handshake incompleto."
}
],
"id": "CVE-2014-0627",
"lastModified": "2024-11-21T02:02:31.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-18T00:55:05.207",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_ssl-j | 5.1.2 | |
| dell | bsafe_ssl-j | 6.0 | |
| emc | rsa_bsafe_ssl-j | 5.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.0 | |
| emc | rsa_bsafe_ssl-j | 5.1.1 | |
| emc | rsa_bsafe_ssl-j | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "314CC197-7A5B-490E-BCA4-DCFFDC32A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "514F2922-83FA-4A51-BA74-A17175643BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C4C01-A2CF-4241-97D2-C379F4351DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF5DF8B-B891-4291-A5C2-91C2C2525F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered."
},
{
"lang": "es",
"value": "La implementaci\u00f3n SSLSocket en las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) mediante la activaci\u00f3n del procesamiento de los datos de aplicaci\u00f3n durante el handshake de TLS, en el momento cuando los datos est\u00e1n almacenados en buffer internamente."
}
],
"id": "CVE-2014-0625",
"lastModified": "2024-11-21T02:02:31.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-18T00:55:05.143",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-0627
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T00:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0627",
"datePublished": "2014-02-18T00:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0626
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T00:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0626",
"datePublished": "2014-02-18T00:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0625
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T00:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0625",
"datePublished": "2014-02-18T00:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}