Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-222

CVE-2015-0293 openssl: assertion failure in SSLv2 servers [jbews-3.0.0]

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • JWS 3.0.3 DR3
    • JWS 3.0.0 GA
    • openssl
    • None

      A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
      servers that both support SSLv2 and enable export cipher suites by sending
      a specially crafted SSLv2 CLIENT-MASTER-KEY message.

            rhn-engineering-jclere Jean-Frederic Clere
            rhn-support-twalsh Tim Walsh
            Michal Karm Michal Karm
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: