CVE-2014-3568

Public on 2014-10-15
Modified on 2014-10-15
Description
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Severity
Low severity
Low
See what this means
CVSS v3 Base Score
2.6
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 openssl 2014-10-15 ALAS-2014-427 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2014-3568 Mitre: CVE-2014-3568