Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Inadequate Encryption Strength Vulnerability (CVE-2014-0224)

Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Remediation

References

Related Vulnerabilities

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8624)

WordPress Plugin Top Quark Architecture 'script.php' Arbitrary File Upload (2.1.0)

Oracle JRE CVE-2013-5777 Vulnerability (CVE-2013-5777)

WordPress 2.0.9 Multiple Vulnerabilities (2.0 - 2.0.9)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5502)

Severity

High

Classification

CVE-2014-0224 CWE-326 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities