var-201402-0434
Vulnerability from variot
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. RSA BSAFE SSL-J is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to consume excess memory, denying service to legitimate users. Versions prior to RSA BSAFE SSL-J 5.1.3, 6.0.2 and 6.1.1 are vulnerable. EMC RSA BSAFE is a security software product of American EMC Corporation. The product supports encryption algorithms, certificate chain verification, and Transport Layer Security (TLS) cipher suites, etc., to help users achieve various security goals for their applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2014-009: RSA BSAFE\xae SSL-J Multiple Vulnerabilities
EMC Identifier: ESA-2014-009
CVE Identifier: CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627
Severity Rating: CVSS v2 Base Score: See below for individual scores
Affected Products: All versions of RSA BSAFE SSL-J (SSL-J) 5.x, SSL-J 6.0
Unaffected Products: SSL-J 5.1.3, 6.0.2 and 6.1.x
Summary: SSL-J 6.1.x, 6.0.2 and 5.1.3 contain updates designed to prevent multiple potential security vulnerabilities. Addressed issues include: 1. SSL/TLS Renegotiation Denial of Service Vulnerability (CVE-2011-1473) 2. SSLEngine API Information Disclosure Vulnerability (CVE-2014-0627) 3. SSL-J JSAFE and JSSE API Information Disclosure Vulnerability (CVE-2014-0626) 4. SSLSocket Denial of Service Vulnerability (CVE-2014-0625)
Details: SSL/TLS Renegotiation Denial of Service Vulnerability (CVE-2011-1473) An application that does not properly restrict client-initiated renegotiation within the SSL and TLS protocols could be vulnerable to a denial of service (CPU consumption) from remote attackers that perform many renegotiations within a single connection. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1473 for more information.
SSL-J 6.1.x, 6.0.2 and 5.1.3 are designed to include a patch to determine the number of renegotiations that have been initiated by each SSL/TLS client for each connection, and to help ensure that the server can set a limit on renegotiation requests.
CVSS v2 Base Score:5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
SSLEngine API Information Disclosure Vulnerability (CVE-2014-0627) When the SSL-J implementation of the SSLEngine API is used, it is possible for Application Data to be sent using the \x93wrap\x94 method, after sending the Finished message. However at this time, when the initial handshake is either an abbreviated handshake in server mode or a full handshake in client mode, the handshake is incomplete because the peer\x92s Finished message has not been received. This can occur for both the TLS client and server. The Application Data that is sent in this manner could be vulnerable to an attacker forcing the use of a weak cipher suite (if weak cipher suites are enabled).
CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)
SSL-J JSAFE and JSSE API Information Disclosure Vulnerability (CVE-2014-0626) Unencrypted and unauthenticated Application Data can be received by the client or server during the TLS handshake. This Application Data is indistinguishable from data received after the completion of the handshake. This applies to the SSL-J JSAFE and JSSE APIs.
CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)
SSLSocket Denial of Service Vulnerability (CVE-2014-0625) If SSLSocket (from both the JSAFE and JSSE APIs) is used, Application Data that is received while a handshake is in progress is placed in an internal buffer. This buffer can grow and use up large amounts of memory.
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Recommendation: RSA recommends that customers on SSL-J 5.1.x or lower upgrade to SSL-J 5.1.3, 6.0.2 or 6.1.1. RSA recommends that customers on SSL-J 6.0 upgrade to SSL-J 6.0.2 or 6.1.1. The patch to address CVE-2011-1473 is only applicable on the server side.
Obtaining Downloads: To request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service.
Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.
Severity Rating: For an explanation of Severity Ratings, refer to the Knowledge Base Article, \x93Security Advisories Severity Rating\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Obtaining More Information: For more information about RSA products, visit the RSA web site at http://www.rsa.com.
Getting Support and Service: For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.
General Customer Support Information: http://www.emc.com/support/rsa/index.htm
RSA SecurCare Online: https://knowledge.rsasecurity.com
EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.emc.com/support/rsa/eops/index.htm
SecurCare Online Security Advisories RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
About RSA SecurCare Notes & Security Advisories Subscription RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.
Sincerely, RSA Customer Support -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin)
iEYEARECAAYFAlL+J8kACgkQtjd2rKp+ALx9YACdGPsy/gb0z9h5Dpz7vRtn19Gg iboAn2FBLI5QgwQNSzHY3t0Abc38c3tp =DDww -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "5.1.0"
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "5.0"
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "5.1.1"
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "6.0.1"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "6.0"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "5.1.2"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "5.1.3"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "6.0.2"
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for service platform"
},
{
"model": "rsa bsafe ssl-j",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "5.x"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "rsa bsafe ssl-j",
"scope": "lt",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "6.x"
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "5.1.2"
},
{
"model": "rsa bsafe ssl-j",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "6.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0625"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "65599"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0625",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-68118",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0625",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-227",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68118",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-0625",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68118"
},
{
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. RSA BSAFE SSL-J is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to consume excess memory, denying service to legitimate users. \nVersions prior to RSA BSAFE SSL-J 5.1.3, 6.0.2 and 6.1.1 are vulnerable. EMC RSA BSAFE is a security software product of American EMC Corporation. The product supports encryption algorithms, certificate chain verification, and Transport Layer Security (TLS) cipher suites, etc., to help users achieve various security goals for their applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-009: RSA BSAFE\\xae SSL-J Multiple Vulnerabilities\n\nEMC Identifier: ESA-2014-009\n\nCVE Identifier: CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627\n\nSeverity Rating: CVSS v2 Base Score: See below for individual scores\n \nAffected Products:\nAll versions of RSA BSAFE SSL-J (SSL-J) 5.x, SSL-J 6.0\n \nUnaffected Products:\nSSL-J 5.1.3, 6.0.2 and 6.1.x\n \nSummary: \nSSL-J 6.1.x, 6.0.2 and 5.1.3 contain updates designed to prevent multiple potential security vulnerabilities. \nAddressed issues include:\n1. SSL/TLS Renegotiation Denial of Service Vulnerability (CVE-2011-1473)\n2. SSLEngine API Information Disclosure Vulnerability (CVE-2014-0627)\n3. SSL-J JSAFE and JSSE API Information Disclosure Vulnerability (CVE-2014-0626)\n4. SSLSocket Denial of Service Vulnerability (CVE-2014-0625)\n \nDetails: \nSSL/TLS Renegotiation Denial of Service Vulnerability (CVE-2011-1473)\nAn application that does not properly restrict client-initiated renegotiation within the SSL and TLS protocols could be vulnerable to a denial of service (CPU consumption) from remote attackers that perform many renegotiations within a single connection. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1473 for more information. \n\nSSL-J 6.1.x, 6.0.2 and 5.1.3 are designed to include a patch to determine the number of renegotiations that have been initiated by each SSL/TLS client for each connection, and to help ensure that the server can set a limit on renegotiation requests. \n\nCVSS v2 Base Score:5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n \nSSLEngine API Information Disclosure Vulnerability (CVE-2014-0627)\nWhen the SSL-J implementation of the SSLEngine API is used, it is possible for Application Data to be sent using the \\x93wrap\\x94 method, after sending the Finished message. However at this time, when the initial handshake is either an abbreviated handshake in server mode or a full handshake in client mode, the handshake is incomplete because the peer\\x92s Finished message has not been received. This can occur for both the TLS client and server. \nThe Application Data that is sent in this manner could be vulnerable to an attacker forcing the use of a weak cipher suite (if weak cipher suites are enabled). \n\nCVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n \nSSL-J JSAFE and JSSE API Information Disclosure Vulnerability (CVE-2014-0626)\nUnencrypted and unauthenticated Application Data can be received by the client or server during the TLS handshake. This Application Data is indistinguishable from data received after the completion of the handshake. This applies to the SSL-J JSAFE and JSSE APIs. \n\nCVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n \nSSLSocket Denial of Service Vulnerability (CVE-2014-0625)\nIf SSLSocket (from both the JSAFE and JSSE APIs) is used, Application Data that is received while a handshake is in progress is placed in an internal buffer. This buffer can grow and use up large amounts of memory. \n\nCVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n \nRecommendation:\nRSA recommends that customers on SSL-J 5.1.x or lower upgrade to SSL-J 5.1.3, 6.0.2 or 6.1.1. \nRSA recommends that customers on SSL-J 6.0 upgrade to SSL-J 6.0.2 or 6.1.1. \nThe patch to address CVE-2011-1473 is only applicable on the server side. \n \nObtaining Downloads: \nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. \n\nObtaining Documentation:\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. \n\nSeverity Rating:\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \\x93Security Advisories Severity Rating\\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nObtaining More Information:\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com. \n\nGetting Support and Service:\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help \u0026 Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. \n\nGeneral Customer Support Information:\nhttp://www.emc.com/support/rsa/index.htm\n\nRSA SecurCare Online:\nhttps://knowledge.rsasecurity.com\n\nEOPS Policy:\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \nhttp://www.emc.com/support/rsa/eops/index.htm\n\nSecurCare Online Security Advisories\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. \n\nAbout RSA SecurCare Notes \u0026 Security Advisories Subscription\nRSA SecurCare Notes \u0026 Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\\x92d like to stop receiving RSA SecurCare Notes \u0026 Security Advisories, or if you\\x92d like to change which RSA product family Notes \u0026 Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes \u0026 Security Advisories you no longer want to receive. Click the Submit button to save your selection. \n\nSincerely,\nRSA Customer Support\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (Cygwin)\n\niEYEARECAAYFAlL+J8kACgkQtjd2rKp+ALx9YACdGPsy/gb0z9h5Dpz7vRtn19Gg\niboAn2FBLI5QgwQNSzHY3t0Abc38c3tp\n=DDww\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "BID",
"id": "65599"
},
{
"db": "VULHUB",
"id": "VHN-68118"
},
{
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"db": "PACKETSTORM",
"id": "125239"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0625",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227",
"trust": 0.7
},
{
"db": "BID",
"id": "65599",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-68118",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0625",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125239",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68118"
},
{
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"db": "BID",
"id": "65599"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "PACKETSTORM",
"id": "125239"
},
{
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"id": "VAR-201402-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-68118"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:09:17.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emc.com/index.htm"
},
{
"title": "HS14-010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-010/index.html"
},
{
"title": "HS14-010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs14-010/index.html"
},
{
"title": "RSA BSAFE SSL-J",
"trust": 0.8,
"url": "http://japan.emc.com/security/rsa-bsafe/rsa-bsafe-ssl-j.htm"
},
{
"title": "EMC RSA BSAFE JSAFE and JSSE API Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68118"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "NVD",
"id": "CVE-2014-0625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0625"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0625"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://www.emc.com/support/rsa/contact/phone-numbers.htm)"
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1473"
},
{
"trust": 0.1,
"url": "http://www.emc.com/support/rsa/eops/index.htm"
},
{
"trust": 0.1,
"url": "http://www.rsa.com."
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0626"
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0625"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0627"
},
{
"trust": 0.1,
"url": "http://www.emc.com/support/rsa/index.htm"
},
{
"trust": 0.1,
"url": "https://knowledge.rsasecurity.com,"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68118"
},
{
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "PACKETSTORM",
"id": "125239"
},
{
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-68118"
},
{
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"db": "BID",
"id": "65599"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"db": "PACKETSTORM",
"id": "125239"
},
{
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-68118"
},
{
"date": "2014-02-18T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"date": "2014-02-17T00:00:00",
"db": "BID",
"id": "65599"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"date": "2014-02-17T18:02:22",
"db": "PACKETSTORM",
"id": "125239"
},
{
"date": "2014-02-18T00:55:05.143000",
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"date": "2014-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-68118"
},
{
"date": "2021-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0625"
},
{
"date": "2014-02-17T00:00:00",
"db": "BID",
"id": "65599"
},
{
"date": "2014-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001424"
},
{
"date": "2021-12-09T18:31:15.063000",
"db": "NVD",
"id": "CVE-2014-0625"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC RSA BSAFE SSL-J of API of SSLSocket Service disruption in implementations (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-227"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.