PT-2015-4698 · Rsa+1 · Rsa Bsafe Ssl-J+2
Published
2015-08-20
·
Updated
2021-12-14
·
CVE-2015-0534
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7
EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2
RSA BSAFE Crypto-J versions prior to 6.2
RSA BSAFE SSL-J versions prior to 6.2
RSA BSAFE SSL-C versions prior to 2.8.10
Description
The issue allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion. This is achieved by not enforcing certain constraints on certificate data.
Recommendations
For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.0.x through 4.0.7, update to version 4.0.8 or later.
For EMC RSA BSAFE Micro Edition Suite (MES) versions 4.1.x through 4.1.2, update to version 4.1.3 or later.
For RSA BSAFE Crypto-J versions prior to 6.2, update to version 6.2 or later.
For RSA BSAFE SSL-J versions prior to 6.2, update to version 6.2 or later.
For RSA BSAFE SSL-C versions prior to 2.8.10, update to version 2.8.10 or later.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emc Rsa Bsafe Micro Edition Suite
Rsa Bsafe Crypto-J
Rsa Bsafe Ssl-J