CVE-2014-3568

Public on 2014-10-15
Modified on 2014-10-15
Description

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

Severity
Low
CVSS v3 Base Score
2.6
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 openssl 2014-10-15 16:14 ALAS-2014-427

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N