129 matches found
Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by WebSphere Application Server underneath IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM SDK Java™ Technology Edition updates in January 2015...
Security Bulletin: Current release of IBM® WebSphere Real Time is affected by CVE-2015-0138
Summary "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An I...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-6593, CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 2 and earlier releases that is used by IBM MQLight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK...
Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-0159, CVE-2015-0138 and CVE-2014-6221)
Summary GSKit is an IBM component that is used by IBM WebSphere MQ. The GSKit that is shipped with IBM WebSphere MQ contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (HP-NSS and OVMS platforms) and Eclipse Paho MQTT C Client libraries (Windows and Linux platforms) (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM WebSphere MQ on HP-NSS and HP OpenVMS platforms. Vulnerability Details CVEID:...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Light (CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205)
Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM MQ Light. IBM MQ Light has addressed the applicable CVEs. Vulnerability Details CVEI...
Security Bulletin: Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138)
Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition...
A2SV - Auto Scanning to SSL Vulnerability
█████╗ ██████╗ ███████╗██╗ ██╗ ██╔══██╗╚════██╗██╔════╝██║ ██║ ███████║ █████╔╝███████╗██║ ██║ .o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo...
Export-Grade Crypto Patching Improves
LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...
Logstash: SSL/TLS FREAK Attack
Logstash: SSL/TLS FREAK Attack: Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server...
PT-2015-5505
Name of the Vulnerable Software and Affected Versions IBM Java 8 versions before SR1 Description The issue allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. Additionally, a vulnerability in IBM SSL/TLS...
Apple Releases Patches For a Watch
What happens when you build a watch that is essentially an absurdly powerful computer that also tells time? You have to patch that watch. And that’s what Apple has done for the first time, releasing a long list of fixes for security problems with the Apple Watch OS. At least one of the...
PT-2015-4518
Name of the Vulnerable Software and Affected Versions IBM Java versions prior to 8 SR1 IBM Java 7 R1 versions prior to SR2 FP11 IBM Java 7 versions prior to SR9 IBM Java 6 R1 versions prior to SR8 FP4 IBM Java 6 versions prior to SR16 FP4 IBM Java 5.0 versions prior to SR16 FP10 Description The...
MySQL SSL/TLS connection there is a security vulnerability, by the man in the middle attacks-vulnerability warning-the black bar safety net
Due to the client in the connection to MySQL when the SSL options are used improperly, may cause middle attack. The vulnerability will cause the database to the communication data in plaintext form in the network transmission. Vulnerability details This vulnerability with the client”–ssl”option h...
AIX IBM SDK Java JSSE vulnerability
IBM SECURITY ADVISORY First Issued: Mon Apr 13 12:11:24 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajsseadvisory.asc https://aix.software.ibm.com/aix/efixes/security/javajsseadvisory.asc...
Debian DLA-176-1 : mono security update
Three issues with Mono's TLS stack are addressed. CVE-2015-2318 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. 'SKIP-TLS' CVE-2015-2319 Mono's implementation of SSL/TLS also contained...
[SECURITY] [DLA 176-1] mono security update
Package : mono Version : 2.6.7-5.1+deb6u1 CVE ID : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 Debian Bug : 780751 Three issues with Monos TLS stack are addressed. CVE-2015-2318 Monos implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various...
DLA-176-1 mono - security update
Bulletin has no description...
Shared Keys Simplify, Cheapen FREAK Attacks
UPDATE: First the good news: it would seem that large providers and individual server admins have for the most part found and spiked export-grade cipher suites vulnerable to the FREAK attack. The bad news: It would seem it’s even less expensive than first believed to exploit the remaining servers...
BlackBerry Warns Many Products Vulnerable to FREAK Attack
BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from...