CVE-2014-6593

Public on 2015-01-21
Modified on 2015-02-11
Description
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled.
Severity
Medium severity
Medium
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 java-1.6.0-openjdk 2015-02-11 ALAS-2015-480 Fixed
Amazon Linux 1 java-1.7.0-openjdk 2015-01-22 ALAS-2015-471 Fixed
Amazon Linux 1 java-1.8.0-openjdk 2015-01-22 ALAS-2015-472 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N
NVD CVSSv2 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N