Vulnerability details: VCID-7zby-e6xb-aaan
Vulnerability ID VCID-7zby-e6xb-aaan
Aliases CVE-2014-3511
VC-OPENSSL-20140806-CVE-2014-3511
Summary A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=142660345230545&w=2
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3511.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1052
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1054
rhas Critical https://access.redhat.com/errata/RHSA-2015:0126
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0197
epss 0.00713 https://api.first.org/data/v1/epss?cve=CVE-2014-3511
epss 0.00755 https://api.first.org/data/v1/epss?cve=CVE-2014-3511
epss 0.05857 https://api.first.org/data/v1/epss?cve=CVE-2014-3511
epss 0.07179 https://api.first.org/data/v1/epss?cve=CVE-2014-3511
epss 0.077 https://api.first.org/data/v1/epss?cve=CVE-2014-3511
epss 0.19405 https://api.first.org/data/v1/epss?cve=CVE-2014-3511
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2014-3511
generic_textual Medium https://ubuntu.com/security/notices/USN-2308-1
generic_textual Medium https://www.openssl.org/news/secadv_20140806.txt
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://linux.oracle.com/errata/ELSA-2014-1052.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3511.html
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://rhn.redhat.com/errata/RHSA-2015-0197.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3511.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3511
https://bugzilla.redhat.com/show_bug.cgi?id=1127504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
http://secunia.com/advisories/58962
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59756
http://secunia.com/advisories/59887
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60377
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60803
http://secunia.com/advisories/60810
http://secunia.com/advisories/60890
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61017
http://secunia.com/advisories/61043
http://secunia.com/advisories/61100
http://secunia.com/advisories/61139
http://secunia.com/advisories/61184
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://security.gentoo.org/glsa/glsa-201412-39.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/95162
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://kc.mcafee.com/corporate/index?page=content&id=SB10084
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://support.citrix.com/article/CTX216642
https://techzone.ergon.ch/CVE-2014-3511
https://ubuntu.com/security/notices/USN-2308-1
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
https://www.openssl.org/news/secadv/20140806.txt
https://www.openssl.org/news/secadv_20140806.txt
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www.arubanetworks.com/support/alerts/aid-08182014.txt
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.securityfocus.com/bid/69079
http://www.securitytracker.com/id/1030693
http://www.splunk.com/view/SP-CAAANHS
http://www.tenable.com/security/tns-2014-06
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
CVE-2014-3511 https://nvd.nist.gov/vuln/detail/CVE-2014-3511
GLSA-201412-39 https://security.gentoo.org/glsa/201412-39
RHSA-2014:1052 https://access.redhat.com/errata/RHSA-2014:1052
RHSA-2014:1054 https://access.redhat.com/errata/RHSA-2014:1054
RHSA-2015:0126 https://access.redhat.com/errata/RHSA-2015:0126
RHSA-2015:0197 https://access.redhat.com/errata/RHSA-2015:0197
USN-2308-1 https://usn.ubuntu.com/2308-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3511
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.80897
EPSS Score 0.00713
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.