SB2014021803 - Multiple vulnerabilities in Dell RSA BSAFE SSL-J

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014021803

SB2014021803 - Multiple vulnerabilities in Dell RSA BSAFE SSL-J

Published: February 18, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014021803
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2014-0625)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.


2) Cryptographic issues (CVE-ID: CVE-2014-0626)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.


3) Cryptographic issues (CVE-ID: CVE-2014-0627)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.


Remediation

Install update from vendor's website.

References