Описание
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00243
Низкий
5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
EPSS
Процентиль: 47%
0.00243
Низкий
5 Medium
CVSS2
Дефекты
CWE-310