CVE-2015-0534

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7 EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2 RSA BSAFE Crypto-J versions prior to 6.2 RSA BSAFE SSL-J versions prior to 6.2 RSA BSAFE SSL-C versions prior to 2.8.10

Description The issue allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion. This is achieved by not enforcing certain constraints on certificate data.

Recommendations For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7, update to version 4.0.8 or later. For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2, update to version 4.1.3 or later. For RSA BSAFE Crypto-J versions prior to 6.2, update to version 6.2 or later. For RSA BSAFE SSL-J versions prior to 6.2, update to version 6.2 or later. For RSA BSAFE SSL-C versions prior to 2.8.10, update to version 2.8.10 or later.