Vulnerability Description
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Bsafe Micro-Edition-Suite | 4.0.0 |
| Dell | Bsafe Ssl-J | <= 6.1.2 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.htmlBroken Link
- http://www.securityfocus.com/bid/72534Third Party AdvisoryVDB Entry
- https://secure-resumption.com/Technical Description
- http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.htmlBroken Link
- http://www.securityfocus.com/bid/72534Third Party AdvisoryVDB Entry
- https://secure-resumption.com/Technical Description
FAQ
What is CVE-2014-4630?
CVE-2014-4630 is a vulnerability with a CVSS score of 4.3 (MEDIUM). EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiat...
How severe is CVE-2014-4630?
CVE-2014-4630 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4630?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Bsafe Micro-Edition-Suite, Dell Bsafe Ssl-J.