Boletines de Vulnerabilidades

IBM Security Bulletin: Websphere DataPower vulnerability in SSL ChangeCipherSpec processing (CVE-2014-0224)

Información sobre el sistema
   
Software afectado IBM

Descripción
A security vulnerability in ChangeCipherSpec processing allows intermediate nodes to intercept encrypted data and decrypt them and can force the use of weak keying material in SSL/TLS clients and servers. CVE(s): CVE-2014-0224 Affected product(s) and affected version(s): WebSphere DataPower SOA Appliances versions 4.0.2.15, 5.0.0.14, 6.0.0.6, and 6.0.1.2. Note that version 7.0.0.0 is not affected. Refer to the following reference URLs for remediation and additional vulnerability details:

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_websphere_datapower_vulnerability_in_ssl_changecipherspec_processing_cve_2014_0224?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2014-0224 ,CVE-2014-3470 and CVE-2014-0076.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-06-21

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT