SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   RSA BSAFE Crypto-C Vendors:   RSA
RSA BSAFE SSL-J Bugs Let Remote Users Obtain Potentially Sensitive Information and Deny Service
SecurityTracker Alert ID:  1029772
SecurityTracker URL:  http://securitytracker.com/id/1029772
CVE Reference:   CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627   (Links to External Site)
Date:  Feb 18 2014
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.x prior to 5.1.3; 6.0 prior to 6.0.2
Description:   Several vulnerabilities were reported in RSA BSAFE SSL-J. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information.

A remote user can request multiple SSL session renegotiations within a single connect to consume excessive CPU resources on the target system [CVE-2011-1473].

If SSLSocket in the SSL-J JSAFE and JSSE APIs, some Application Data may consume large amounts of memory on the target system [CVE-2014-0625].

When the SSL-J JSAFE and JSSE APIs are used, some Application Data may be sent without encryption and authentication [CVE-2014-0626].

When the SSLEngine API is used, some Application Data may be sent using a weak cipher suite [CVE-2014-0627].

Impact:   A remote user can consume excessive CPU and memory resources on the target system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (5.1.3, 6.0.2, 6.1.x).
Vendor URL:  www.rsa.com/ (Links to External Site)
Cause:   Access control error, Resource error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC