PT-2015-4699 · Rsa+1 · Rsa Bsafe Ssl-J+1

Publicado

2015-08-20

Atualizado

2021-12-14

CVE-2015-0535

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7 EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2 RSA BSAFE SSL-C version 2.8.9 and earlier

Description The issue makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT RSA ciphers via crafted TLS traffic, related to the "FREAK" issue. This is due to the improper restriction of TLS state transitions.

Recommendations For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7, update to version 4.0.8 or later. For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2, update to version 4.1.3 or later. For RSA BSAFE SSL-C version 2.8.9 and earlier, update to a version later than 2.8.9.

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

CVE-2015-0535

Produtos afetados

Emc Rsa Bsafe Micro Edition Suite

Rsa Bsafe Ssl-J

PT-2015-4699 · Rsa+1 · Rsa Bsafe Ssl-J+1

CVE-2015-0535

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3