CVE-2014-0625
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
La implementación SSLSocket en las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la activación del procesamiento de los datos de aplicación durante el handshake de TLS, en el momento cuando los datos están almacenados en buffer internamente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-01-02 CVE Reserved
- 2014-02-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Bsafe Ssl-j Search vendor "Dell" for product "Bsafe Ssl-j" | 5.1.2 Search vendor "Dell" for product "Bsafe Ssl-j" and version "5.1.2" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Bsafe Ssl-j Search vendor "Dell" for product "Bsafe Ssl-j" | 6.0 Search vendor "Dell" for product "Bsafe Ssl-j" and version "6.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 5.0 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "5.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 5.1.0 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "5.1.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 5.1.1 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "5.1.1" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Rsa Bsafe Ssl-j Search vendor "Emc" for product "Rsa Bsafe Ssl-j" | 6.0.1 Search vendor "Emc" for product "Rsa Bsafe Ssl-j" and version "6.0.1" | - |
Affected
| ||||||