168 matches found
Medium: sendmail
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Medium: nginx
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Medium: vsftpd
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
Amazon Linux 2023 : sendmail, sendmail-cf, sendmail-milter (ALAS2023-2023-018)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-018 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...
Amazon Linux 2023 : vsftpd (ALAS2023-2023-019)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-019 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...
CBL Mariner 2.0 Security Update: nginx / vsftpd (CVE-2021-3618)
The version of nginx / vsftpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3618 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing...
K000132639: ALPACA: TLS vulnerability CVE-2021-3618
Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...
SUSE CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
SUSE: Security Advisory (SUSE-SU-2022:4266-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4265-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4266-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4266-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...
SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4265-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4265-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...
SUSE-SU-2022:4266-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685...
SUSE-SU-2022:4265-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685...
SUSE: Security Advisory (SUSE-SU-2022:4192-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4201-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3203-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2022:4201-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4201-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenabl...
SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4192-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4192-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...