Lucene search
GoogleOSV:DLA-154-1HistoryFeb 16, 2015 - 12:00 a.m.
nss - security update
2015-02-1600:00:00
Google
osv.dev
11
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
90.7%
nss 3.12.8-1+squeeze11 fixes two security issues:
- CVE-2011-3389
SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen
plaintext attacks which allowed man-in-the middle attackers to obtain
plaintext HTTP headers on an HTTPS session. This issue is known as
the BEAST attack. - CVE-2014-1569
Possible information leak with too-permissive ASN.1 DER decoding of
length.
For Debian 6 Squeeze, these issues have been fixed in nss version 3.12.8-1+squeeze11
References
Related
nessus
nessus
openvas
openvas
Debian: Security Advisory (DLA-154-1)
2023-03-08 00:00:00
Fedora Update for thunderbird FEDORA-2011-17399
2012-01-23 00:00:00
Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
2012-01-11 00:00:00
debian
debian
[SECURITY] [DLA 154-1] nss security update
2015-02-16 15:44:22
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
fedora
fedora
[SECURITY] Fedora 21 Update: nss-3.17.3-2.fc21
2014-12-25 05:35:12
[SECURITY] Fedora 16 Update: nss-softokn-3.13.1-14.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: xulrunner-9.0-2.fc16
2011-12-23 03:31:27
exploitpack
exploitpack
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
zdt
zdt
prion
prion
Session fixation
2011-09-06 19:55:00
Design/Logic Flaw
2014-12-15 18:59:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
HTTP Request Smuggling
2019-01-15 09:03:35
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
mskb
mskb
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:00
CVE-2014-1569
2014-12-15 18:59:00
cve
cve
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
ibm
ibm
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2012-10-29 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
ubuntu
ubuntu
NSS vulnerability
2015-01-07 00:00:00
osv
osv
nss - security update
2015-03-13 00:00:00
lighttpd - several
2011-12-20 00:00:00
curl - several
2012-03-31 00:00:00
ubuntucve
ubuntucve
CVE-2014-1569
2014-12-15 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
asterisk -- Multiple vulnerabilities
2016-02-03 00:00:00
rubygems
rubygems
rapid7blog
rapid7blog
f5
f5
archlinux
archlinux
nss: signature forgery
2014-12-16 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
90.7%
Related for OSV:DLA-154-1