Computer Security


EMC RSA BSAFE Micro Edition Suite security vulnerabilities
Published: 05.05.2014
Source:
SecurityVulns ID: 13730
Type: remote
Threat Level: 5/10
Description: A few SSL-related vulnerabilities: flaws in certificate chain validation and exposure to BEAST attacks.
Affected: EMC: RSA BSAFE Micro Edition Suite 4.0
CVE: CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original documents: EMC, ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability (05.05.2014)
 EMC, ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks (05.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod