1038 matches found
[SECURITY] [DLA 364-1] gnutls26 security update
Package: gnutls26. Version: 2.8.6-1+squeeze6. CVE ID: CVE-2015-8313. Hanno Böck discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validated the first padding byte in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding orac...
DLA-364-1 gnutls26 - security update
Bulletin has no description...
Debian DSA-3408-1 : gnutls26 - security update
It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack...
[SECURITY] [DSA 3408-1] gnutls26 security update
Debian Security Advisory DSA-3408-1, https://www.debian.org/security/, Salvatore Bonaccorso, December 01, 2015, https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3408-1 (gnutls26 - security update)
It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack...
Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-2821-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2821-1 advisory. It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding...
Ubuntu: Security Advisory (USN-2821-1)
The remote host is missing an update for the...
USN-2821-1 gnutls26 vulnerability
It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack...
USN-2821-1: GnuTLS vulnerability
It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack...
Debian: Security Advisory (DSA-3408-1)
The remote host is missing an update for the Debian...
Using padding oracle attacks to obtain the encrypted key - vulnerability warning - the black bar safety net
0x00 Preface. In this article I want to share some practical tips for exploiting padding oracle vulnerabilities. This type of vulnerability allows an attacker to decrypt ciphertext and encrypt plaintext. About the concept and working principle of the padding oracle attack, more...
IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability
IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...
Code injection
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...
CVE-2010-2057
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...
Amazon Linux: Security Advisory (ALAS-2015-471)
The remote host is missing an update for the...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...