Lucene search
+L

187 matches found

RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.7 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:44 p.m.13 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:31 p.m.11 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:27 p.m.8 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:7 p.m.7 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/11/23 8:0 p.m.51 views

CVE-2011-1096

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5.5AI score0.02587EPSS
Exploits0References31
RedHat Linux
RedHat Linux
added 2012/10/03 3:8 p.m.4 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/09/24 3:55 p.m.4 views

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8CVSS7.4AI score0.28154EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2012/09/24 3:52 p.m.2 views

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8CVSS7.4AI score0.28154EPSS
Exploits0References5
OSV
OSV
added 2012/05/14 10:55 p.m.4 views

DEBIAN-CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8CVSS8.7AI score0.28154EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/02/29 2:46 p.m.5 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2012/01/09 8:3 p.m.3 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
OpenVAS
OpenVAS
added 2011/11/14 12:0 a.m.36 views

Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

10CVSS0.3AI score0.96714EPSS
Exploits20References2
Amazon
Amazon
added 2011/10/31 12:0 a.m.63 views

Critical: java-1.6.0-openjdk

Issue Overview: A flaw was found in the Java RMI Remote Method Invocation registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. CVE-2011-3556 A flaw was found in the Java RMI registry implementation. A remote RMI client...

10CVSS9.3AI score0.96714EPSS
Exploits20References1
RedHat Linux
RedHat Linux
added 2011/10/18 11:19 p.m.6 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
ThreatPost
ThreatPost
added 2011/09/27 4:1 p.m.7 views

Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version

Microsoft has relased a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...

1AI score
Exploits0References5
OSV
OSV
added 2011/09/06 7:55 p.m.5 views

DEBIAN-CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS8.4AI score0.73327EPSS
Exploits4References1
OSV
OSV
added 2010/09/17 6:0 p.m.9 views

UBUNTU-CVE-2010-3074

SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...

2.1CVSS5.8AI score0.00386EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2009/09/02 8:0 a.m.15 views

OpenSSH: Plaintext Recovery Attack against CBC ciphers

Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...

3.7CVSS6.8AI score0.15395EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2008/11/19 5:30 p.m.2 views

CVE-2008-5161

Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...

3.7CVSS6.8AI score0.15395EPSS
Exploits1References44
Rows per page
Query Builder