CVE-2014-3566

Public on 2014-10-14
Modified on 2015-02-11
Description
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
Severity
Important severity
Important
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 1 java-1.6.0-openjdk 2015-02-11 ALAS-2015-480 Fixed
HAQM Linux 1 java-1.7.0-openjdk 2015-01-22 ALAS-2015-471 Fixed
HAQM Linux 1 java-1.8.0-openjdk 2015-01-22 ALAS-2015-472 Fixed
HAQM Linux 1 nss 2014-10-16 ALAS-2014-429 Fixed
HAQM Linux 1 openssl 2014-10-14 ALAS-2014-426 Fixed

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N
NVD CVSSv3 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N