Lucene search
+L

46 matches found

Debian CVE
Debian CVE
added 2022/03/23 12:0 a.m.224 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/08 5:15 p.m.40 views

Security Bulletin: Vulnerabilities in Apache Kafka and NGINX affect IBM Spectrum Discover

Summary The vulnerabilities in Apache Kafka could allow a remote attacker to obtain sensitive information and the vulnerabilities in NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TLS servers implementing...

7.4CVSS7AI score0.06252EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/25 12:0 a.m.43 views

EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...

9.8CVSS8.1AI score0.53461EPSS
Exploits11References4
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 6:10 p.m.54 views

Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager

Summary A security vulnerability in NGINX ffects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...

7.4CVSS7.2AI score0.02037EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2021/06/24 6:25 a.m.181 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS3.5AI score0.02037EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2021/06/09 4:39 p.m.134 views

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security TLS servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been...

0.2AI score
Exploits0
Rows per page
Query Builder