{"url":"http://public2.vulnerablecode.io/api/packages/176997?format=json","purl":"pkg:rpm/redhat/openssl@0.9.8e-12.el5_6?arch=12","type":"rpm","namespace":"redhat","name":"openssl","version":"0.9.8e-12.el5_6","qualifiers":{"arch":"12"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97093?format=json","vulnerability_id":"VCID-kpyv-ydcz-1qev","summary":"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0224.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0224","reference_id":"","reference_type":"","scores":[{"value":"0.89694","scoring_system":"epss","scoring_elements":"0.99584","published_at":"2026-06-04T12:55:00Z"},{"value":"0.89694","scoring_system":"epss","scoring_elements":"0.99585","published_at":"2026-06-08T12:55:00Z"},{"value":"0.89694","scoring_system":"epss","scoring_elements":"0.99586","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1103586","reference_id":"1103586","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1103586"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750665","reference_id":"750665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750665"},{"reference_url":"https://security.gentoo.org/glsa/201407-05","reference_id":"GLSA-201407-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201407-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0624","reference_id":"RHSA-2014:0624","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0624"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0625","reference_id":"RHSA-2014:0625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0626","reference_id":"RHSA-2014:0626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0626"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0627","reference_id":"RHSA-2014:0627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0628","reference_id":"RHSA-2014:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0629","reference_id":"RHSA-2014:0629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0630","reference_id":"RHSA-2014:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0631","reference_id":"RHSA-2014:0631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0632","reference_id":"RHSA-2014:0632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0633","reference_id":"RHSA-2014:0633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0679","reference_id":"RHSA-2014:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0680","reference_id":"RHSA-2014:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0680"},{"reference_url":"https://usn.ubuntu.com/2232-1/","reference_id":"USN-2232-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2232-1/"}],"fixed_packages":[],"aliases":["CVE-2014-0224"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpyv-ydcz-1qev"}],"fixing_vulnerabilities":[],"risk_score":"1.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@0.9.8e-12.el5_6%3Farch=12"}