CVE-2014-4630
EMC RSA BSAFE Micro Edition Suite (MES) <4.0.6 & RSA BSAFE SSL-J <6...
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References (3)
Core References
Broken Link, mailing-list (x_refsource_bugtraq): http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/72534
Technical Description (x_refsource_misc): https://secure-resumption.com/
Scores
EPSS: 0.0025
EPSS Percentile: 48.2%
Details
CWE: CWE-310
Status: published
Products (7)
dell/bsafe_micro-edition-suite: 4.0.0
dell/bsafe_micro-edition-suite: 4.0.1
dell/bsafe_micro-edition-suite: 4.0.2
dell/bsafe_micro-edition-suite: 4.0.3
dell/bsafe_micro-edition-suite: 4.0.4
dell/bsafe_micro-edition-suite: 4.0.5
dell/bsafe_ssl-j: < 6.1.2
Published: Dec 30, 2014
Tracked Since: Feb 18, 2026