CVE-2014-0627

RSA BSAFE SSL-J - Weak Cipher Suite Selection via SSLEngine Wrap Method

Title source: llm
STIX 2.1

Description

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.

References (1)

Core 1
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html

Scores

EPSS 0.0024
EPSS Percentile 47.5%

Details

CWE
CWE-310
Status published
Products (6)
dell/bsafe_ssl-j 5.1.2
dell/bsafe_ssl-j 6.0
emc/rsa_bsafe_ssl-j 5.0
emc/rsa_bsafe_ssl-j 5.1.0
emc/rsa_bsafe_ssl-j 5.1.1
emc/rsa_bsafe_ssl-j 6.0.1
Published Feb 18, 2014
Tracked Since Feb 18, 2026