CVE-2014-4630

Currently unrated

Key Information:

Vendor: Dell
Status: Bsafe Micro-edition-suite; Bsafe Ssl-j
Vendor: CVE Published:; 30 December 2014

Summary

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

References

http://archives.neohapsis.com/archives/bugtraq/2014-12/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/72534

vdb-entryx_refsource_BID

https://secure-resumption.com/

x_refsource_MISC

Timeline

Vulnerability published
Dec 30, 2014
Vulnerability Reserved
Jun 24, 2014