CVE-2014-6593
JSSE - SKIP-TLS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25; Java SE Embedded 7u71 y 8u6; y JRockit 27.8.4 y 28.3.4 permite a atacantes remotos afectar la confidencialidad e integridad a través de vectores relacionados con JSSE.
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-17 CVE Reserved
- 2015-01-21 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-372: Incomplete Internal State Distinction
CAPEC
References (31)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/134251/Java-Secure-Socket-Extension-JSSE-SKIP-TLS.html | X_refsource_misc | |
http://www.securityfocus.com/bid/72169 | Vdb Entry | |
http://www.securitytracker.com/id/1031580 | Vdb Entry | |
http://www.vmware.com/security/advisories/VMSA-2015-0003.html | X_refsource_confirm | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10104 | X_refsource_confirm | |
https://www-304.ibm.com/support/docview.wss?uid=swg21695474 | X_refsource_confirm | |
https://www.smacktls.com/#skip | ||
https://www.smacktls.com/smack.pdf |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38641 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | 2015-01-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Jrockit Search vendor "Oracle" for product "Jrockit" | r27.8.4 Search vendor "Oracle" for product "Jrockit" and version "r27.8.4" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jrockit Search vendor "Oracle" for product "Jrockit" | r28.3.4 Search vendor "Oracle" for product "Jrockit" and version "r28.3.4" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.5.0 Search vendor "Oracle" for product "Jdk" and version "1.5.0" | update75 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0" | update85 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0" | update71 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0" | update72 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0" | update25 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0" | update6 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.5.0 Search vendor "Oracle" for product "Jre" and version "1.5.0" | update75 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0" | update85 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update71 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update72 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0" | update25 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0" | update6 |
Affected
|