Lucene search
K

213 matches found

OpenVAS
OpenVAS
added 2014/10/30 12:0 a.m.50 views

openSUSE: Security Advisory for update (openSUSE-SU-2014:1331-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS6.3AI score0.99999EPSS
Exploits7References1
OPENSUSE Linux
OPENSUSE Linux
added 2014/10/29 4:5 p.m.44 views

update for openssl (important)

The following issues were fixed in this release: CVE-2014-3566: SSLv3 POODLE attack bnc901223 CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak...

7.1CVSS2.5AI score0.99999EPSS
Exploits7References2
ThreatPost
ThreatPost
added 2014/10/29 2:56 p.m.107 views

Microsoft Plans to Disable SSLv3 in IE, All Online Services

Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...

9.3CVSS1AI score0.99945EPSS
Exploits33References2
securityvulns
securityvulns
added 2014/10/27 12:0 a.m.68 views

Apple TV security vulnerabilities

Unauthorized bluetooth pairing, SSL poodle attack...

5.4CVSS2.6AI score0.99999EPSS
Exploits7References1Affected Software1
Atlassian
Atlassian
added 2014/10/24 7:13 p.m.20 views

SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. h3. Reproduction steps: Follow the...

0.1AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.117 views

TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

NCCIC / US-CERT National Cyber Awareness System: TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack 10/17/2014 12:27 PM EDT Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer SSL 3.0 with cipher-block chaining CBC mode...

4.3CVSS0.7AI score0.99999EPSS
Exploits7
Metasploit
Metasploit
added 2014/10/17 4:25 p.m.43 views

HTTP SSL/TLS Version Detection (POODLE scanner)

Check if an HTTP server supports a given version of SSL/TLS. If a web server can successfully establish an SSLv3 session, it is likely to be vulnerable to the POODLE attack described on October 14, 2014, as a patch against the attack is unlikely...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2014/10/16 10:29 a.m.46 views

OpenSSL Releases Patch for POODLE Attack

The OpenSSL Project has released a new version of the encryption software, which patches several security flaws, including the bug that is exploited by the POODLE attack on SSLv3. The updated versions of OpenSSL come just a couple of days after a trio of researchers at Google revealed the POODLE...

4.3CVSS2.4AI score0.99999EPSS
Exploits7References2
myhack58
myhack58
added 2014/10/16 12:0 a.m.12 views

CVE-2 0 1 4-3 5 6 6 SSLv3 POODLE principle of analysis-vulnerability warning-the black bar safety net

0x00 background POODLE attack against SSLv3, CBC mode encryption algorithm, a padding oracle attack. This attack mode and before the BEAST attacks much like, can allow an attacker to obtain the SSL communication part of the information of the plaintext, such as coockie with. And the BEAST is...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/10/15 10:35 a.m.18 views

Browser Vendors Move to Disable SSLv3 in Wake of POODLE Attack

With details of the new POODLE attack on SSLv3 now public, browser vendors are in the process of planning how they’re going to address the issue in their products in a way that doesn’t break the Internet for millions of users but still provides protection. The attack, which was disclosed by a tri...

0.5AI score
Exploits0References6
OSV
OSV
added 2014/10/15 12:55 a.m.3 views

DEBIAN-CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

3.4CVSS8.9AI score0.99999EPSS
Exploits7References1
ThreatPost
ThreatPost
added 2014/10/14 8:13 p.m.12 views

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...

1.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 1999/01/01 12:0 a.m.9 views

PT-2014-1693

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1i OpenSSL through 1.0.1i PAN-OS versions 6.1.1 and earlier PAN-OS versions 6.0.7 and earlier PAN-OS versions 5.1.x and 5.0.x EOS versions 4.12.0 through 4.12.7.1 EOS versions 4.13.0 through 4.13.6 Apple mac os x...

4.3CVSS8.7AI score0.99999EPSS
Exploits7
Rows per page
Query Builder