Lucene search
K

237 matches found

OSV
OSV
added 2018/06/04 9:29 p.m.5 views

CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS6.8AI score
Exploits0References7
Prion
Prion
added 2018/06/04 9:29 p.m.26 views

Code injection

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

4.3CVSS6.7AI score0.02618EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2018/06/04 9:0 p.m.156 views

CVE-2016-1000345

CVE-2016-1000345 (padding oracle in Bouncy Castle JCE Provider DHIES/ECIES CBC) affects BC 1.55 and earlier; in environments with observable timings, decryption padding failures can be inferred via timing analyses. The IBM/BC-focused bulletin confirms this CVE among multiple BC-related issues and...

5.9CVSS6.2AI score0.02618EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2018/06/04 9:0 p.m.29 views

CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS6.7AI score0.02618EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/06/04 12:0 a.m.35 views

CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS6.8AI score0.02618EPSS
Exploits0References2
0day.today
0day.today
added 2018/05/04 12:0 a.m.76 views

Oracle Access Manager 11.1.2.3.0 / 12.2.1.3.0 Authentication Bypass Vulnerability

Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0 suffer from an authentication bypass vulnerability. We have published an accompanying blog post to this technical advisory with further information: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/...

6.8CVSS0.7AI score0.22154EPSS
Exploits2
Hacker One
Hacker One
added 2018/02/22 4:43 p.m.264 views

Semrush: SSLv3 Poodle Attack on Ip Of semrush

Summary: POODLE SSLv3 bug on multiple servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka...

4.3CVSS5.1AI score0.99999EPSS
Exploits7
Veracode
Veracode
added 2018/01/18 6:48 a.m.15 views

Padding Oracle Attack

github.com/golang/crypto is vulnerable to the padding oracle attack. The vulnerability exists as github.com/golang/crypto was not reading packets in constant time, leaking sensitive timing information which may help malicious attackers recover the secret key...

6.4AI score
Exploits0
0day.today
0day.today
added 2018/01/18 12:0 a.m.809 views

Primefaces 5.x - Remote Code Execution Exploit

Exploit for java platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module...

7.2CVSS7.1AI score0.94104EPSS
Exploits13
Hacker One
Hacker One
added 2017/11/09 9:44 p.m.121 views

X (Formerly Twitter): POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)

Summary: POODLE SSLv3 bug on multiple twitter smtp servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle...

4.3CVSS5.2AI score0.99999EPSS
Exploits7
Veracode
Veracode
added 2017/08/21 4:33 a.m.18 views

Padding Oracle Attack

nimbus-jose-jwt is vulnerable to padding oracle attacks. It does not act correctly if an invalid HMAC is detected in authenticated AES-CBC decryption...

3.1CVSS5.5AI score0.00637EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2017/08/20 4:29 p.m.14 views

CVE-2017-12973

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack...

4.3CVSS5.1AI score0.00637EPSS
Exploits0References3
OSV
OSV
added 2017/08/20 4:29 p.m.14 views

CVE-2017-12973

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack...

3.1CVSS6.4AI score
Exploits0References3
CVE
CVE
added 2017/08/02 7:0 p.m.70 views

CVE-2015-3642

Technical details for CVE-2015-3642 are not publicly available in the provided documents; monitor for updates.

5.9CVSS4.6AI score0.00847EPSS
Exploits0References1Affected Software1
Broadcom
Broadcom
added 2017/07/27 12:0 a.m.11 views

BSA-2017-500

Security Advisory ID : BSA-2017-500 Component : Apache HTTPD Revision : 1.0: Final It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decryp...

7.5CVSS7.7AI score0.49024EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2017/06/07 5:54 p.m.8 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

7.5CVSS7.2AI score0.49024EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2017/05/03 12:0 a.m.64 views

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...

7.5CVSS6.6AI score0.49024EPSS
Exploits4References4
Cent OS
Cent OS
added 2017/04/13 10:59 a.m.261 views

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2017:0906 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.5CVSS6.6AI score0.49024EPSS
Exploits4References7
Prion
Prion
added 2017/04/10 3:59 p.m.13 views

Code injection

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites...

5CVSS7.1AI score0.01686EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/04/10 3:59 p.m.16 views

CVE-2015-7824

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites...

7.5CVSS7.5AI score0.01686EPSS
Exploits0References2
Rows per page
Query Builder