75 matches found
Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Business Modeler Publishing Server (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Business Modeler Publishing Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Image Construction and Composition Tool (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Image Construction and Composition Tool. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM SOA Policy Gateway Pattern (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM WebSphere Service Registry and Repository component of IBM SOA Policy Gateway Pattern for AIX Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could all...
Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Service Registry and Repository (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects WebSphere Service Registry and Repository. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® WebSphere Real Time (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere Real Time Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Binary data 7282.pasl...
openssh security and bug fix update
5.3p1-122 - Allow to use ibmca crypto hardware 1397547 - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes 1405374 5.3p1-121 - Fix missing hmac-md5-96 from server offer 1373836 5.3p1-120 - Prevent infinite loop when Ctrl+Z pressed at password prompt 1218424 - Remove...
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
Binary data 9700.prm...
IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)
Binary data 9713.prm...
CVE-2016-4754
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
Code injection
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
CVE-2016-4754
CVE-2016-4754 affects ServerDocs Server in Apple OS X Server before 5.2. The issue is weaknesses in the RC4 cryptographic algorithm that allow an unauthenticated, remote attacker to defeat cryptographic protection. Apple’s macOS Server 5.2 mitigation removes RC4 support for ServerDocs Server, add...
CVE-2016-4754
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)
The version of HP Data Protector installed on the remote host is 7.0x prior to 7.03 build 108, 8.1x prior to 8.15, or 9.0x prior to 9.06. It is, therefore, affected by the following vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combinati...
Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 6.4.10 or 7.0.0-OD-02. It is, therefore, potentially affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with...
Radancy: RC4 cipher suites detected
A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...
Radancy: RC4 cipher suites detected
A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
A security vulnerability exists in Rivest Cipher 4 RC4 used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah...
jre7-openjdk: multiple issues
CVE-2015-2590 deserialization issue in ObjectInputStream.readSerialData: ObjectInputStream's readSerialData could, in certain cases, incorrectly perform deserialization of data from serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...
Oracle JRockit R28 < R28.3.7 Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah) (Logjam)
The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.7. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the JCE component that allows a remote attacker to gain access to sensitive information. CVE-2015-2601 - An...