Информационная безопасность
[RU] switch to English


Уязвимости безопасности в EMC RSA BSAFE Micro Edition Suite
Опубликовано:5 мая 2014 г.
Источник:
SecurityVulns ID:13730
Тип:удаленная
Уровень опасности:
5/10
Описание:Несколько уязвимостей SSL связанных с атакой BEAST и проверкой цепочки сертификатов.
Затронутые продукты:EMC : RSA BSAFE Micro Edition Suite 4.0
CVE:CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Оригинальный текстdocumentEMC, ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability (05.05.2014)
 documentEMC, ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks (05.05.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород