46 matches found
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Security Bulletin: Vulnerabilities in Apache Kafka and NGINX affect IBM Spectrum Discover
Summary The vulnerabilities in Apache Kafka could allow a remote attacker to obtain sensitive information and the vulnerabilities in NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TLS servers implementing...
EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...
Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager
Summary A security vulnerability in NGINX ffects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security TLS servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been...