CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2016/03/22 4:48 p.m.•5 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

RedHat Linux•added 2016/03/22 4:48 p.m.•49 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.6 OpenSSL security update

Updated packages that fix several OpenSSL security issues are available for Red Hat JBoss Enterprise Application Platform 6.4.6 for Microsoft Windows and Solaris. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...

5.9CVSS7AI score0.90348EPSS

Exploits3References6

RedHat Linux•added 2016/03/14 8:0 p.m.•3 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

RedHat Linux•added 2016/03/14 4:43 p.m.•4 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

Amazon•added 2016/03/10 12:0 a.m.•82 views

Important: openssl

Issue Overview: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This...

10CVSS8.9AI score0.90348EPSS

RedHat Linux•added 2016/03/09 2:10 p.m.•76 views

Important: Red Hat Security Advisory: rhev-hypervisor security, bug fix and enhancement update

An updated rhev-hypervisor package that fixes several security issues, bugs, and enhancements is now available. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.2AI score0.90348EPSS

Exploits3References10

RedHat Linux•added 2016/03/09 4:8 a.m.•2 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

myhack58•added 2016/03/09 12:0 a.m.•12 views

Technology sharing: the CBC, Padding Oracle attack re-interpretation, how to break HTTPS-bug warning-the black bar safety net

Why is a re-interpretation? Now about the Padding Oracle attack presentation, the better the articles including the content, are taken from this article in foreign languages. However, the text in the discussion a key issue of how to confirm the Padding bits, and no mention, which makes many puris...

7.2AI score

Exploits0

ArchLinux•added 2016/03/07 12:0 a.m.•75 views

lib32-openssl: multiple issues

CVE-2016-0702 private key extraction A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing...

10CVSS5.1AI score0.90348EPSS

myhack58•added 2016/03/07 12:0 a.m.•18 views

Drown cross-Protocol attack on the TLS vulnerability analysis-vulnerability warning-the black bar safety net

Ticker 2 0 1 6 years 3 month 2 days, the OpenSSL official released a new security Bulletin. Mentioned in the post to fix a high risk vulnerability--DROWN cross-Protocol attack on the TLS vulnerability. Baidu cloud security threat management team joint Baidu security Emergency Response Center the...

Exploits0

ArchLinux•added 2016/03/07 12:0 a.m.•54 views

openssl: multiple issues

10CVSS5AI score0.90348EPSS

OSV•added 2016/03/02 11:59 a.m.•1 views

DEBIAN-CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

5.9CVSS9.3AI score0.07651EPSS

Exploits2References1

Prion•added 2016/03/02 11:59 a.m.•41 views

Sql injection

The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

4.3CVSS6AI score0.90348EPSS

Exploits3References31Affected Software1

seebug.org•added 2016/03/02 12:0 a.m.•317 views

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

现在流行的服务器和客户端使用TLS加密, 然而由于错误配置, 许多服务器仍然支持SSLv2, 这是一种古老的协议, 许多客户端已经不支持 SSLv2。 DROWN攻击可以威胁到还在支持 SSLv2 的服务端和客户端,允许攻击者通过发送 probe 到支持 SSLv2 的使用相同密钥的服务端和客户端解密 TLS 通信。官方关于漏洞的公告: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and...

4.3CVSS7.3AI score0.90348EPSS

OpenVAS•added 2016/03/02 12:0 a.m.•49 views

CentOS Update for openssl CESA-2016:0301 centos7

Check the version of openssl SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882404";...

10CVSS7.5AI score0.90348EPSS

Exploits3References2

Cloud Foundry•added 2016/03/02 12:0 a.m.•70 views

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities | Cloud Foundry

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities High Vendor OpenSSL Versions Affected SSLv2 Description The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possess...

5.9CVSS6.1AI score0.90348EPSS