CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0887
https://notcve.org/view.php?id=CVE-2016-0887
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2.1, RSA BSAFE SSL-J en versiones anteriores a 6.2.1 y RSA BSAFE SSL-C en versiones anteriores a 2.8.9 permiten a atacantes remotos descubrir un factor primo de clave privada llevando a cabo un ataque Lenstra de canal lateral que aprovecha el fallo de una aplicación para detectar un fallo de firma RSA durante una sesión TLS. • http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html http://seclists.org/bugtraq/2016/Apr/66 http://www.securityfocus.com/archive/1/538055/100/0/threaded http://www.securitytracker.com/id/1035515 http://www.securitytracker.com/id/1035516 http://www.securitytracker.com/id/1035517 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-4630
https://notcve.org/view.php?id=CVE-2014-4630
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.6 y RSA BSAFE SSL-J anterior a 6.1.4 no asegura que el certificado de servidor X.509 sea el mismo durante la renegociación como lo era antes de ella, lo que permite ataques 'man-in-the-middle' para obtener información sensible o modificar datos de la sesión TLS a través de 'ataque de triple negociación' • http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html http://www.securityfocus.com/bid/72534 https://secure-resumption.com • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0636
https://notcve.org/view.php?id=CVE-2014-0636
EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x anterior a 3.2.6 y 4.0.x anterior a 4.0.5 no valida debidamente cadenas de certificados X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de una cadena de certificados manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html http://www.securityfocus.com/bid/66791 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0628
https://notcve.org/view.php?id=CVE-2014-0628
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. El servidor en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.5 no procesa debidamente cadenas de certificados, lo que permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html • CWE-20: Improper Input Validation •