CVE-2014-0224 Scanner
Detects 'CCS Injection (ChangeCipherSpec)' vulnerability in OpenSSL affects v. before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
10 days 10 hours
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
OpenSSL is a widely used open-source library that provides secure encryption and communication protocols for web applications. It is used by millions of websites to enable secure communication between clients and servers. With OpenSSL, sensitive information transmitted between the two parties is encrypted, ensuring confidentiality, integrity, and authenticity.
However, in 2014, a severe vulnerability was detected in OpenSSL. The vulnerability identified as CVE-2014-0224 affected OpenSSL versions 0.9.8, 1.0.0, and 1.0.1. The vulnerability was related to the ChangeCipherSpec request message, which opens the door for a man-in-the-middle attack (MITM). A MITM attack is a type of cyber attack where an attacker inserts themselves into a conversation between two parties and alters or eavesdrops on the communication. With CVE-2014-0224, attackers could intercept and modify the data exchanged between clients and servers, making it possible to hijack a session, corrupt data, or obtain sensitive information.
Exploiting the vulnerability could lead to severe consequences, such as data breaches, loss of confidential information, theft of sensitive data, and the hijacking of sessions. If an attacker is successful in exploiting CVE-2014-0224, they can decrypt and modify transmitted data, posing a significant risk to businesses, individuals, and governments.
With the pro features of the s4e.io platform, individuals and businesses can easily and quickly learn about vulnerabilities in their digital assets. The platform offers proactive security notifications, providing real-time alerts about any potential vulnerabilities or security breaches on websites or web applications. With the ability to detect vulnerabilities before they can be exploited, s4e.io helps to secure digital assets and provide peace of mind.
REFERENCES
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- secunia.com: 58719
- secunia.com: 59449
- secunia.com: 59132
- marc.info: SSRT101818
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- marc.info: HPSBST03098
- marc.info: HPSBMU03058
- secunia.com: 59442
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- marc.info: HPSBOV03047
- marc.info: HPSBST03195
- http://www-01.ibm.com/support/docview.wss?uid=swg21676879
- http://www-01.ibm.com/support/docview.wss?uid=swg24037761
- http://www-01.ibm.com/support/docview.wss?uid=swg21677828
- secunia.com: 59441
- marc.info: HPSBMU03074
- http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
- marc.info: HPSBMU03094
- https://filezilla-project.org/versions.php?type=server
- http://www-01.ibm.com/support/docview.wss?uid=swg21676786
- secunia.com: 60567
- secunia.com: 59189
- secunia.com: 59368
- mandriva.com: MDVSA-2014:106
- secunia.com: 59142
- http://www-01.ibm.com/support/docview.wss?uid=swg21676478
- http://www-01.ibm.com/support/docview.wss?uid=swg21676845
- secunia.com: 58742
- https://www.ibm.com/support/docview.wss?uid=ssg1S1004670
- rhn.redhat.com: RHSA-2014:0624
- secunia.com: 59602
- http://www.kerio.com/support/kerio-control/release-history
- secunia.com: 59300
- secunia.com: 58930
- http://www-01.ibm.com/support/docview.wss?uid=swg21677080
- secunia.com: 61815
- secunia.com: 58667
- security.gentoo.org: GLSA-201407-05
- http://www-01.ibm.com/support/docview.wss?uid=swg21677390
- secunia.com: 59191
- secunia.com: 59284
- secunia.com: 59444
- https://www.imperialviolet.org/2014/06/05/earlyccs.html
- http://www.ibm.com/support/docview.wss?uid=swg24037783
- secunia.com: 59365
- http://www-01.ibm.com/support/docview.wss?uid=swg21677695
- secunia.com: 59305
- http://www-01.ibm.com/support/docview.wss?uid=swg21676529
- secunia.com: 59483
- secunia.com: 58385
- securityfocus.com: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- secunia.com: 59495
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
- http://www-01.ibm.com/support/docview.wss?uid=swg21676889
- lists.fedoraproject.org: FEDORA-2014-9308
- secunia.com: 58945
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- marc.info: HPSBST03106
- secunia.com: 59659
- secunia.com: 59440
- lists.opensuse.org: openSUSE-SU-2016:0640
- secunia.com: 59429
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- secunia.com: 59655
- secunia.com: 59370
- secunia.com: 59827
- secunia.com: 58660
- secunia.com: 59163
- secunia.com: 58716
- secunia.com: 59055
- http://www-01.ibm.com/support/docview.wss?uid=swg21676071
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
- http://www-01.ibm.com/support/docview.wss?uid=swg21677836
- secunia.com: 59437
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
- secunia.com: 60176
- marc.info: HPSBPI03107
- secunia.com: 59101
- http://esupport.trendmicro.com/solution/en-US/1103813.aspx
- secunia.com: 59374
- secunia.com: 59063
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
- https://discussions.nessus.org/thread/7517
- secunia.com: 59310
- http://www-01.ibm.com/support/docview.wss?uid=swg21676501
- marc.info: HPSBMU03216
- http://www-01.ibm.com/support/docview.wss?uid=swg21676536
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
- www-01.ibm.com: IV61506
- secunia.com: 59502
- http://www.splunk.com/view/SP-CAAAM2D
- secunia.com: 59878
- http://www.fortiguard.com/advisory/FG-IR-14-018/
- lists.opensuse.org: SUSE-SU-2015:0743
- marc.info: HPSBMU03101
- http://www.ibm.com/support/docview.wss?uid=swg21676793
- secunia.com: 59214
- http://www.ibm.com/support/docview.wss?uid=swg21676356
- marc.info: HPSBHF03088
- marc.info: HPSBMU03057
- http://support.citrix.com/article/CTX140876
- secunia.com: 59167
- secunia.com: 59120
- http://www-01.ibm.com/support/docview.wss?uid=swg24037732
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
- marc.info: HPSBMU03053
- secunia.com: 59380
- mandriva.com: MDVSA-2014:105
- secunia.com: 59460
- secunia.com: 59506
- secunia.com: 58939
- marc.info: SSRT101590
- secunia.com: 59661
- secunia.com: 59514
- secunia.com: 59677
- rhn.redhat.com: RHSA-2014:0630
- tools.cisco.com: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
- rhn.redhat.com: RHSA-2014:0632
- http://www-01.ibm.com/support/docview.wss?uid=swg24037730
- https://kc.mcafee.com/corporate/index?page=content&id=SB10075
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www-01.ibm.com/support/docview.wss?uid=swg24037731
- secunia.com: 58745
- http://www-01.ibm.com/support/docview.wss?uid=swg21676419
- secunia.com: 59438
- http://www.ibm.com/support/docview.wss?uid=isg3T1020948
- http://www-01.ibm.com/support/docview.wss?uid=swg21676496
- secunia.com: 58714
- marc.info: HPSBGN03050
- lists.opensuse.org: openSUSE-SU-2015:0229
- http://ccsinjection.lepidum.co.jp
- secunia.com: 59435
- marc.info: HPSBHF03052
- http://www.openssl.org/news/secadv_20140605.txt
- secunia.com: 58615
- marc.info: HPSBST03265
- seclists.org: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www-01.ibm.com/support/docview.wss?uid=swg21676644
- secunia.com: 59231
- https://www.ibm.com/support/docview.wss?uid=ssg1S1004671
- lists.opensuse.org: SUSE-SU-2015:0578
- http://support.apple.com/kb/HT6443
- secunia.com: 59211
- secunia.com: 58433
- secunia.com: 60066
- http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
- https://access.redhat.com/site/blogs/766093/posts/908133
- secunia.com: 59301
- secunia.com: 60522
- secunia.com: 59784
- https://kb.bluecoat.com/index?page=content&id=SA80
- marc.info: HPSBST03097
- seclists.org: 20140607 Re: More OpenSSL issues
- marc.info: HPSBMU03076
- http://www.f-secure.com/en/web/labs_global/fsc-2014-6
- secunia.com: 59135
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- http://www-01.ibm.com/support/docview.wss?uid=swg21678167
- secunia.com: 58759
- secunia.com: 59093
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
- http://puppetlabs.com/security/cve/cve-2014-0224
- secunia.com: 59192
- lists.fedoraproject.org: FEDORA-2014-9301
- marc.info: HPSBMU03062
- secunia.com: 58579
- https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
- secunia.com: 59040
- marc.info: HPSBMU03056
- secunia.com: 59175
- secunia.com: 60819
- marc.info: HPSBMU03051
- secunia.com: 59666
- http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
- secunia.com: 58128
- marc.info: HPSBMU03055
- secunia.com: 59413
- http://www-01.ibm.com/support/docview.wss?uid=swg21676334
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21675821
- http://www-01.ibm.com/support/docview.wss?uid=swg24037870
- secunia.com: 59721
- marc.info: HPSBHF03145
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
- rhn.redhat.com: RHSA-2014:0680
- http://www-01.ibm.com/support/docview.wss?uid=swg21676062
- secunia.com: 59012
- secunia.com: 58713
- http://www-01.ibm.com/support/docview.wss?uid=swg21673137
- secunia.com: 59362
- mandriva.com: MDVSA-2015:062
- http://www-01.ibm.com/support/docview.wss?uid=swg21676035
- marc.info: HPSBMU03070
- rhn.redhat.com: RHSA-2014:0631
- secunia.com: 59338
- secunia.com: 59450
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- kb.cert.org: VU#978508
- securitytracker.com: 1031032
- secunia.com: 59287
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
- http://www-01.ibm.com/support/docview.wss?uid=swg21683332
- secunia.com: 59491
- secunia.com: 59364
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
- secunia.com: 59451
- secunia.com: 58977
- https://www.novell.com/support/kb/doc.php?id=7015271
- http://www-01.ibm.com/support/docview.wss?uid=swg21676333
- secunia.com: 60571
- secunia.com: 59459
- http://www-01.ibm.com/support/docview.wss?uid=swg21676833
- secunia.com: 60577
- secunia.com: 59448
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441
- https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
- http://www.blackberry.com/btsc/KB36051
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
- marc.info: HPSBST03103
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
- secunia.com: 59885
- http://www-01.ibm.com/support/docview.wss?uid=swg21677527
- secunia.com: 59202
- rhn.redhat.com: RHSA-2014:0633
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004678
- secunia.com: 59375
- marc.info: HPSBMU03083
- secunia.com: 59528
- secunia.com: 58337
- secunia.com: 59518
- secunia.com: 59389
- secunia.com: 59162
- secunia.com: 59383
- http://www-01.ibm.com/support/docview.wss?uid=swg21677567
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217
- secunia.com: 59490
- secunia.com: 59916
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
- marc.info: HPSBMU03065
- http://www-01.ibm.com/support/docview.wss?uid=swg24037727
- ibm.com: IT02314
- secunia.com: 59043
- secunia.com: 59347
- secunia.com: 60049
- http://www-01.ibm.com/support/docview.wss?uid=swg21676615
- https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
- https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005
- https://crashtest-security.com/prevent-ccs-injection/#what-is-a-ccs-injection-vulnerability
