CVE-2014-0636
https://notcve.org/view.php?id=CVE-2014-0636
EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x anterior a 3.2.6 y 4.0.x anterior a 4.0.5 no valida debidamente cadenas de certificados X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de una cadena de certificados manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html http://www.securityfocus.com/bid/66791 • CWE-310: Cryptographic Issues •
CVE-2014-0628
https://notcve.org/view.php?id=CVE-2014-0628
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. El servidor en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.5 no procesa debidamente cadenas de certificados, lo que permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html • CWE-20: Improper Input Validation •