EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | Broken Link |
http://www.securityfocus.com/bid/72534 | Third Party Advisory VDB Entry |
https://secure-resumption.com/ | Technical Description |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2014-12-30T15:00:00
Updated: 2015-02-16T15:57:00
Reserved: 2014-06-24T00:00:00
Link: CVE-2014-4630
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-12-30T15:59:00.063
Modified: 2021-12-09T18:31:28.947
Link: CVE-2014-4630
JSON object: View
Redhat Information
No data.
CWE