Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3253-1
HistoryMay 07, 2015 - 12:00 a.m.

pound - security update

2015-05-0700:00:00
Google
osv.dev
12

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

JSON

Pound, a HTTP reverse proxy and load balancer, had several issues
related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

For Debian 7 (wheezy) this update adds a missing part to make it actually
possible to disable client-initiated renegotiation and disables it by default
(CVE-2009-3555).
TLS compression is disabled (CVE-2012-4929),
although this is normally already disabled by the OpenSSL system library.
Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566)
entirely via the new DisableSSLv3 configuration directive, although it
will not disabled by default in this update. Additionally a non-security
sensitive issue in redirect encoding is
addressed.

For Debian 8 (jessie) these issues have been fixed prior to the release,
with the exception of client-initiated renegotiation (CVE-2009-3555).
This update addresses that issue for jessie.

For the oldstable distribution (wheezy), these problems have been fixed
in version 2.6-2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 2.6-6+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.6-6.1.

We recommend that you upgrade your pound packages.

CPENameOperatorVersion
poundeq2.6-6

Related

nessus 65
openvas 65
debian 8
osv 3
fedora 11
ubuntu 7
prion 1
cve 2
threatpost 1
f5 2
jvn 1
ibm 2
veracode 2
ubuntucve 1
debiancve 1
slackware 1
altlinux 2
hackerone 2
seebug 4
oraclelinux 1
cisco 1
centos 2
redhat 2
suse 1
mozilla 1
securityvulns 5
fortinet 1
checkpoint_advisories 2
nginx 1
github 1
nessus
nessus
Debian DSA-3253-1 : pound - security update (POODLE)
2015-05-11 00:00:00
Debian DLA-400-1 : pound security update (BEAST) (POODLE)
2016-01-25 00:00:00
Debian DSA-2626-1 : lighttpd - several issues
2013-02-18 00:00:00
openvas
openvas
Debian Security Advisory DSA 3253-1 (pound - security update)
2015-05-07 00:00:00
Debian: Security Advisory (DSA-3253-1)
2015-05-06 00:00:00
Debian: Security Advisory (DLA-400-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DSA 3253-1] pound security update
2015-05-07 19:39:51
[SECURITY] [DLA 400-1] pound security update
2016-01-24 04:50:54
[SECURITY] [DSA 2626-1] lighttpd security update
2013-02-17 11:14:16
osv
osv
pound - security update
2016-01-24 00:00:00
lighttpd - several issues
2013-02-17 00:00:00
nginx - information leak
2013-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 11 Update: nss-3.12.6-1.2.fc11
2010-03-23 02:03:18
ubuntu
ubuntu
Qt vulnerability
2012-11-08 00:00:00
OpenSSL vulnerability
2013-07-04 00:00:00
NSS vulnerability
2010-04-09 00:00:00
prion
prion
Design/Logic Flaw
2012-09-15 18:55:00
cve
cve
CVE-2012-4929
2012-09-15 18:55:00
CVE-2009-3555
2009-11-09 17:30:00
threatpost
threatpost
Apple Patches Mass of Security Bugs in OS X and Safari
2013-06-05 09:51:54
f5
f5
SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
2012-12-05 00:00:00
K14054 : CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
2013-09-09 00:00:00
jvn
jvn
JVN#65273415: Android OS issue where it is affected by the CRIME attack
2016-07-22 00:00:00
ibm
ibm
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)
2020-03-03 19:02:20
Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555)
2020-06-23 08:41:14
veracode
veracode
Information Leakage
2019-01-15 08:58:53
Man-in-the-Middle (MitM)
2020-04-10 00:36:56
ubuntucve
ubuntucve
CVE-2012-4929
2012-09-15 00:00:00
debiancve
debiancve
CVE-2012-4929
2012-09-15 18:55:00
slackware
slackware
openssl
2009-11-16 13:42:36
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
hackerone
hackerone
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
seebug
seebug
TLS Renegotiation Vulnerability PoC Exploit
2009-12-21 00:00:00
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
2009-11-10 00:00:00
ProFTPD TLS会话重协商明文数据注入漏洞
2009-12-15 00:00:00
oraclelinux
oraclelinux
openssl097a security update
2010-03-25 00:00:00
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
centos
centos
openssl097a security update
2010-03-27 17:44:36
nspr, nss security update
2010-03-28 15:36:50
redhat
redhat
(RHSA-2010:0164) Moderate: openssl097a security update
2010-03-25 00:00:00
(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update
2010-03-17 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
2009-11-11 00:00:00
[ MDVSA-2009:337 ] proftpd
2009-12-22 00:00:00
[ MDVSA-2009:295 ] apache
2009-11-09 00:00:00
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against TLS and SSL Spoofing Vulnerability
2010-02-09 00:00:00
TLS Client Initiated Renegotiation (CVE-2009-3555)
2009-11-23 00:00:00
nginx
nginx
The renegotiation vulnerability in SSL protocol
2009-11-09 17:30:00
github
github
Apache Tomcat affected by vulnerability in TLS and SSL protocol
2022-05-02 03:46:22

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

JSON
Related for OSV:DSA-3253-1
nessus65openvas65debian8osv3fedora11ubuntu7prion1cve2threatpost1f52jvn1ibm2veracode2ubuntucve1debiancve1slackware1altlinux2hackerone2seebug4oraclelinux1cisco1centos2redhat2suse1mozilla1securityvulns5fortinet1checkpoint_advisories2nginx1github1