IBM Security Bulletin: Websphere DataPower vulnerability in SSL ChangeCipherSpec processing (CVE-2014-0224)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
A security vulnerability in ChangeCipherSpec processing allows intermediate nodes to intercept encrypted data and decrypt them and can force the use of weak keying material in SSL/TLS clients and servers. CVE(s): CVE-2014-0224 Affected product(s) and affected version(s): WebSphere DataPower SOA Appliances versions 4.0.2.15, 5.0.0.14, 6.0.0.6, and 6.0.1.2. Note that version 7.0.0.0 is not affected. Refer to the following reference URLs for remediation and additional vulnerability details:
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_websphere_datapower_vulnerability_in_ssl_changecipherspec_processing_cve_2014_0224?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-0224 ,CVE-2014-3470 and CVE-2014-0076. |