2016-02-15 03:59:01 2017-11-21 03:29:00

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Oracle Vm virtualbox 5.0.16 (not an official CPE)
OpenSSL Project OpenSSL 1.0.1i
OpenSSL Project OpenSSL 1.0.1j
OpenSSL Project OpenSSL 1.0.1k
OpenSSL Project OpenSSL 1.0.1l
Openssl Openssl 1.0.1m (not an official CPE)
OpenSSL Project OpenSSL 1.0.1n
OpenSSL Project OpenSSL 1.0.1o
Openssl Openssl 1.0.1p (not an official CPE)
Openssl Openssl 1.0.1q (not an official CPE)
OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2-beta1
Openssl Openssl 1.0.2 Beta2 (not an official CPE)
Openssl Openssl 1.0.2 Beta3 (not an official CPE)
Oracle Tuxedo 12.1.1.0 (not an official CPE)
Oracle Peoplesoft enterprise peopletools 8.55 (not an official CPE)
Oracle Peoplesoft enterprise peopletools 8.54 (not an official CPE)
Oracle Peoplesoft enterprise peopletools 8.53 (not an official CPE)
Oracle Oss support tools 8.11.16.3.8 (not an official CPE)
Oracle Exalogic infrastructure 2.0 (not an official CPE)
Oracle Exalogic infrastructure 1.0 (not an official CPE)
Openssl Openssl 1.0.2e (not an official CPE)
Openssl Openssl 1.0.2d (not an official CPE)
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
Openssl Openssl 1.0.2a (not an official CPE)
OpenSSL Project OpenSSL 1.0.1g
OpenSSL Project OpenSSL 1.0.1f
OpenSSL Project OpenSSL 1.0.1e
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1d
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1b
OpenSSL Project OpenSSL 1.0.1h
OpenSSL Project OpenSSL 1.0.1 Beta3
OpenSSL Project OpenSSL 1.0.1 Beta2
OpenSSL Project OpenSSL 1.0.1 Beta1
OpenSSL Project OpenSSL 1.0.1