673 matches found
Security Bulletin: Sterling Connect:Enterprise For UNIX and Sterling Connect:Enterprise clients are affected by the POODLE and OpenSSL vulnerabilities (CVE-2014-3566, CVE-2014-3567)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Sterling Connect:Enterprise For UNIX, Sterling Connect:Enterprise Command Line Client, Sterling Connect:Enterprise HTTP Option, and Sterling...
Security Bulletin: Vulnerability in SSLv3 affects Sterling Control Center (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Sterling Control Center Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...
Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud integration
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by WebSphere Cast Iron Cloud integration and has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary...
Security Bulletin: TLS padding vulnerability affects IBM PureData System for Operational Analytics (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM PureData System for Operational Analytics. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain...
Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Netezza Performance Portal. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information...
CVE-2019-5592
CVE-2019-5592 describes padding oracle vulnerabilities in FortiOS SSL Deep Inspection with CBC padding in the FortiOS IPS engine. Affected FortiGate/FortiOS IPS versions (5.000–5.006, 4.000–4.036, 4.200–4.219, and 3.547 and below) configured with SSL Deep Inspection policies and the IPS sensor en...
CVE-2019-5592
Multiple padding oracle vulnerabilities Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...
Security Bulletin: Vulnerability in SSLv3 affects ITCAM for APPLICATION DIAGNOSTICS Agent for HTTP Servers (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in ITCAM for APPLICATION DIAGNOSTICS Agent for HTTP Servers Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...
Oracle Java SE 5 < Update 81 / 6 < Update 91 / 7 < Update 75 / 8 < Update 31 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
Binary data 700649.prm...
Zombie POODLE and GOLDENDOODLE Vulnerabilities
Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC Cipher Block Chaining block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...
MariaDB: smtp service vulnerable to POODLE SSLv3
One of our package servers had an old smtpd service linked with openssl 1.0.1i, which uses nondeterministic CBC padding, making it easy for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. The service has been disabled for the internet, as ...
Security Bulletin: Vulnerability in SSLv3 affects IBM Personal Communications v6.0.x (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Personal Communications v6.0.x Vulnerability Details CVE-ID: CVE-2014-3566 Description: Product could allow a remote attacker to obtain...
Code injection
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...
CVE-2019-6593
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...
CVE-2019-6593
CVE-2019-6593 affects BIG-IP TMM TLS/Client SSL CBC-mode sessions on versions 11.5.1–11.5.4, 11.6.1 and 12.1.0, enabling plaintext recovery via a chosen-ciphertext MITM without server private-key access. F5 advisory K10065173 documents affected branches: 12.x vulnerable in 12.1.0 with fixes in 12...
F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)
A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...
Security Bulletin: Vulnerabilities in SSLv3 affect IBM Flex System Manager (FSM) and compatible IBM Systems Director agents (CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack and other vulnerabilities. SSLv3 is enabled in IBM FSM and compatible IBM Systems Director agents. Vulnerability Details Summary SSLv3 contains a vulnerability that...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.6 and 1.7 that is used by IBM Flex System Manager FSM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were...
Security Bulletin: Vulnerability in SSLv3 affects affects IBM Global Console Manager (GCM) and Local Console Manager (LCM) Switches (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Global Console Manager GCM and Local Console Manager LCM Switches. Vulnerability Details Summary SSLv3 contains a vulnerability that has be...