CVE-2014-0626

RSA BSAFE SSL-J - Unauthenticated Data Processing During TLS Handshake

Title source: llm

Description

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.

References (1)

Core 1

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html

Scores

EPSS 0.0018

EPSS Percentile 39.7%

Details

CWE

CWE-310

Status published

Products (6)

dell/bsafe_ssl-j 5.1.2

dell/bsafe_ssl-j 6.0

emc/rsa_bsafe_ssl-j 5.0

emc/rsa_bsafe_ssl-j 5.1.0

emc/rsa_bsafe_ssl-j 5.1.1

emc/rsa_bsafe_ssl-j 6.0.1

Published Feb 18, 2014

Tracked Since Feb 18, 2026