117 matches found
Oracle Linux 7 : openssl098e (ELSA-2014-0680)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2014-0680 advisory. 0.9.8e-29.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability Tenable has extracted the preceding description block directly from the Oracle Linux security...
openssl098e security update
0.9.8e-29.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability...
Oracle Linux 4 : openssl (ELSA-2014-3040)
Description of changes: 0.9.7a-43.18.0.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Oracle Linux Security Advisory ELSA-2014-3040...
openssl security update
0.9.7a-43.18.0.2 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability...
CentOS Update for openssl098e CESA-2014:0626 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openssl security update
1.0.1e-16.14 - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerabilit...
openssl security update
0.9.8e-27.3 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability 0.9.8e-27.1 - replace expired GlobalSign Root CA certificate in ca-bundle.crt...
Opera < 12.17 opera_autoupdate.exe MITM Vulnerability
The version of Opera installed on the remote host is prior to version 12.17, and thus includes an automatic update-checking component, 'operaautoupdate.exe', that is vulnerable to man-in-the- middle attacks because it does not properly verify server certificates. C Tenable Network Security, Inc...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
MitM-vulnerability in Palo Alto Networks GlobalProtect
--------------------------------------------------------------------- SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect --------------------------------------------------------------------- Problem discovered: July 12th 2012 Vendor contacted: July 13th 2012 Advisory published:...
RedHat Update for gnupg2 RHSA-2010:0603-01
Check for the Version of gnupg2 OpenVAS Vulnerability Test RedHat Update for gnupg2 RHSA-2010:0603-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
UBUNTU-CVE-2009-3941
Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the 1 subject's Common Name or 2 Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...
SSL MITM Vulnerability
Exploit for unknown platform in category remote exploits ====================== SSL MITM Vulnerability ====================== Title: SSL MITM Vulnerability CVE-ID: OSVDB-ID: Author: Pavel Kankovsky Published: 2009-11-09 Verified: yes view source print? include include include include include...
DEBIAN-CVE-2009-3475
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...
PT-2008-3224 · Netscape +1 · Netscape Certificate Management System +1
Name of the Vulnerable Software and Affected Versions: Red Hat Certificate System versions 7.1 through 7.3 Netscape Certificate Management System version 6.x Description: The issue allows remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a...
DUO-PSA-2015-002: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2015-002 Original Publication Date: 2015-04-06 Revision Date: 2015-04-13 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a...