Vulnerability in IBM SDK Java JSSE affects AIX
|
System information
|
| |
|
|
Affected software |
IBM |
Description
|
A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate bruteforce decryption of TLS/SSL traffic between vulnerable clients and servers. This vulnerability is know as the FREAK attack. CVE(s):
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/vulnerability_in_ibm_sdk_java_jsse_affects_aix?lang=en_us |
Standar resources
|
|
Property |
Value |
|
CVE |
CVE-2015-0138 ,CVE-2015-0159 and CVE-2015-1889. |
