Back to search
CVE-2014-3511
Published: Aug 13, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2014:1052
vendor-advisory
x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-1052.html
x_refsource_CONFIRM
60221
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
x_refsource_CONFIRM
61184
third-party-advisory
x_refsource_SECUNIA
SSRT101846
vendor-advisory
x_refsource_HP
60022
third-party-advisory
x_refsource_SECUNIA
https://www.openssl.org/news/secadv_20140806.txt
x_refsource_CONFIRM
61017
third-party-advisory
x_refsource_SECUNIA
RHSA-2015:0197
vendor-advisory
x_refsource_REDHAT
60377
third-party-advisory
x_refsource_SECUNIA
SSRT101818
vendor-advisory
x_refsource_HP
59887
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
x_refsource_CONFIRM
HPSBMU03304
vendor-advisory
x_refsource_HP
60890
third-party-advisory
x_refsource_SECUNIA
GLSA-201412-39
vendor-advisory
x_refsource_GENTOO
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
x_refsource_CONFIRM
HPSBHF03293
vendor-advisory
x_refsource_HP
HPSBMU03260
vendor-advisory
x_refsource_HP
60803
third-party-advisory
x_refsource_SECUNIA
59700
third-party-advisory
x_refsource_SECUNIA
FEDORA-2014-9308
vendor-advisory
x_refsource_FEDORA
1030693
vdb-entry
x_refsource_SECTRACK
openssl-cve20143511-sec-bypass(95162)
vdb-entry
x_refsource_XF
http://www.splunk.com/view/SP-CAAANHS
x_refsource_CONFIRM
60917
third-party-advisory
x_refsource_SECUNIA
HPSBMU03216
vendor-advisory
x_refsource_HP
http://www.tenable.com/security/tns-2014-06
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10084
x_refsource_CONFIRM
60493
third-party-advisory
x_refsource_SECUNIA
59710
third-party-advisory
x_refsource_SECUNIA
60921
third-party-advisory
x_refsource_SECUNIA
69079
vdb-entry
x_refsource_BID
61043
third-party-advisory
x_refsource_SECUNIA
60810
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
x_refsource_CONFIRM
61100
third-party-advisory
x_refsource_SECUNIA
FreeBSD-SA-14:18
vendor-advisory
x_refsource_FREEBSD
61775
third-party-advisory
x_refsource_SECUNIA
SSRT101894
vendor-advisory
x_refsource_HP
DSA-2998
vendor-advisory
x_refsource_DEBIAN
HPSBMU03263
vendor-advisory
x_refsource_HP
FEDORA-2014-9301
vendor-advisory
x_refsource_FEDORA
61959
third-party-advisory
x_refsource_SECUNIA
59756
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1127504
x_refsource_CONFIRM
HPSBMU03267
vendor-advisory
x_refsource_HP
HPSBMU03261
vendor-advisory
x_refsource_HP
RHSA-2015:0126
vendor-advisory
x_refsource_REDHAT
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
x_refsource_CONFIRM
58962
third-party-advisory
x_refsource_SECUNIA
http://www.arubanetworks.com/support/alerts/aid-08182014.txt
x_refsource_CONFIRM
60938
third-party-advisory
x_refsource_SECUNIA
60684
third-party-advisory
x_refsource_SECUNIA
https://support.citrix.com/article/CTX216642
x_refsource_CONFIRM
[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
mailing-list
x_refsource_MLIST
https://techzone.ergon.ch/CVE-2014-3511
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
x_refsource_CONFIRM
61139
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now