NVD

Id
31749  
Name
CVE-2014-3572  
Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-01-08  
Modified Date
2017-01-02  
Seq
2014-3572  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
167176 31749 CVE-2014-3572 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679  View
167177 31749 CVE-2014-3572 APPLE-SA-2015-04-08-2  View
167178 31749 CVE-2014-3572 openSUSE-SU-2015:0130  View
167179 31749 CVE-2014-3572 SUSE-SU-2015:0578  View
167180 31749 CVE-2014-3572 SUSE-SU-2015:0946  View
167181 31749 CVE-2014-3572 openSUSE-SU-2015:1277  View
167182 31749 CVE-2014-3572 openSUSE-SU-2016:0640  View
167183 31749 CVE-2014-3572 HPSBUX03162  View
167184 31749 CVE-2014-3572 SSRT101885  View
167185 31749 CVE-2014-3572 SSRT101987  View
167186 31749 CVE-2014-3572 HPSBHF03289  View
167187 31749 CVE-2014-3572 HPSBOV03318  View
167188 31749 CVE-2014-3572 HPSBMU03380  View
167189 31749 CVE-2014-3572 HPSBMU03409  View
167190 31749 CVE-2014-3572 HPSBMU03396  View
167191 31749 CVE-2014-3572 HPSBMU03413  View
167192 31749 CVE-2014-3572 HPSBMU03397  View
167193 31749 CVE-2014-3572 RHSA-2015:0066  View
167194 31749 CVE-2014-3572 20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products  View
167195 31749 CVE-2014-3572 DSA-3125  View
167196 31749 CVE-2014-3572 MDVSA-2015:019  View
167197 31749 CVE-2014-3572 MDVSA-2015:062  View
167198 31749 CVE-2014-3572 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html  View
167199 31749 CVE-2014-3572 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
167200 31749 CVE-2014-3572 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html  View
167201 31749 CVE-2014-3572 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html  View
167202 31749 CVE-2014-3572 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html  View
167203 31749 CVE-2014-3572 71942  View
167204 31749 CVE-2014-3572 1033378  View
167205 31749 CVE-2014-3572 https://bto.bluecoat.com/security-advisory/sa88  View
167206 31749 CVE-2014-3572 https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63  View
167207 31749 CVE-2014-3572 https://kc.mcafee.com/corporate/index?page=content&id=SB10102  View
167208 31749 CVE-2014-3572 https://kc.mcafee.com/corporate/index?page=content&id=SB10108  View
167209 31749 CVE-2014-3572 https://support.apple.com/HT204659  View
167210 31749 CVE-2014-3572 https://www.openssl.org/news/secadv_20150108.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18678 JVNDB-2014-007553 OpenSSL の s3_clnt.c 内の ssl3_get_key_exchange 関数における ECDHE-to-ECDH ダウングレード攻撃を実行される脆弱性 OpenSSL の s3_clnt.c の ssl3_get_key_exchange 関数には、ECDHE-to-ECDH ダウングレード攻撃を実行される、および前方秘匿性の喪失を誘発される脆弱性が存在します。 CVE-2014-3572 70860 CVE-2014-3572 31749 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007553.html 2014-10-24 2016-08-09 View