7 matches found
Security Bulletin: OpenSSL security vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-4353, CVE-2013-6449, CVE-2013-6450)
Summary For the three security issues with openssl that could result in denial of service, a fix is available for IBM Storwize V7000 Unified system. Vulnerability Details CVEID: CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 DESCRIPTION: OpenSSL is used in IBM Storwize V7000 Unified system for providi...
Man-in-the-Middle (MitM)
OpenSSL is vulnerable to man in the middle MitM attacks. These attacks are possible because the DTLS retransmission implementation doesn't correctly maintain data structures for digest and encryption contexts...
F5 Networks BIG-IP : OpenSSL vulnerability (K15158)
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...
OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.1f. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1f advisory. - The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NUL...
DEBIAN-CVE-2013-6450
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...
CVE-2013-6450
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...
Information disclosure
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...