QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-3572

Back to search

CVE-2014-3572

Published: Jan 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

VendorProductVersions

n/a

n/a

affected
n/a

References

HPSBOV03318
vendor-advisory
x_refsource_HP
openSUSE-SU-2015:0130
vendor-advisory
x_refsource_SUSE
HPSBGN03299
vendor-advisory
x_refsource_HP
HPSBMU03409
vendor-advisory
x_refsource_HP
71942
vdb-entry
x_refsource_BID
HPSBMU03380
vendor-advisory
x_refsource_HP
1033378
vdb-entry
x_refsource_SECTRACK
HPSBHF03289
vendor-advisory
x_refsource_HP
openSUSE-SU-2016:0640
vendor-advisory
x_refsource_SUSE
MDVSA-2015:019
vendor-advisory
x_refsource_MANDRIVA
openSUSE-SU-2015:1277
vendor-advisory
x_refsource_SUSE
RHSA-2015:0066
vendor-advisory
x_refsource_REDHAT
HPSBUX03244
vendor-advisory
x_refsource_HP
APPLE-SA-2015-04-08-2
vendor-advisory
x_refsource_APPLE
SUSE-SU-2015:0578
vendor-advisory
x_refsource_SUSE
SUSE-SU-2015:0946
vendor-advisory
x_refsource_SUSE
HPSBMU03397
vendor-advisory
x_refsource_HP
HPSBMU03396
vendor-advisory
x_refsource_HP
HPSBUX03162
vendor-advisory
x_refsource_HP
SSRT101987
vendor-advisory
x_refsource_HP
MDVSA-2015:062
vendor-advisory
x_refsource_MANDRIVA
HPSBMU03413
vendor-advisory
x_refsource_HP
SSRT101885
vendor-advisory
x_refsource_HP
DSA-3125
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now