Lucene search
K

8522 matches found

NVD
NVD
added 2004/03/23 5:0 a.m.12 views

CVE-2004-1855

Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack...

5CVSS6.4AI score0.02612EPSS
Exploits1References5
NVD
NVD
added 2003/10/20 4:0 a.m.16 views

CVE-2003-0724

ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges...

7.5CVSS6.8AI score0.00853EPSS
Exploits0References2
CVE
CVE
added 2003/09/03 4:0 a.m.49 views

CVE-2003-0724

The CVE-2003-0724 entry concerns SSH on HP Tru64 UNIX (versions 5.1A and 5.1B) that does not properly handle RSA signatures when digital certificates and RSA keys are used, enabling local and remote attackers to gain privileges. The underlying issue is improper handling of RSA signatures (certifi...

7.5CVSS7.2AI score0.00853EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2003/09/03 4:0 a.m.22 views

CVE-2003-0724

ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges...

6.8AI score0.00853EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2003/08/14 12:0 a.m.31 views

Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration

source: https://www.securityfocus.com/bid/8419/info A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in which the products are placed within the global ISAPI filter list. When the...

7.4AI score
Exploits0
NVD
NVD
added 2003/07/24 4:0 a.m.27 views

CVE-2003-0389

Cross-site scripting XSS vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script...

4.3CVSS5.9AI score0.01154EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2003/06/23 5:37 p.m.11 views

Important: Red Hat Security Advisory: : : : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages that fix potential timing-based and modified Bleichenbacher attacks are available for Red Hat Linux on IBM iSeries and pSeries systems. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer...

7.5CVSS7.2AI score0.13718EPSS
Exploits0References3
Cvelist
Cvelist
added 2003/06/20 4:0 a.m.29 views

CVE-2003-0389

Cross-site scripting XSS vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script...

5.9AI score0.01154EPSS
Exploits3References2
CVE
CVE
added 2003/06/20 4:0 a.m.52 views

CVE-2003-0389

RSA ACE/Agent (Web) 5.x is affected by an XSS vulnerability in the secure redirect/login handling. Public advisories (SEC-CONSULT/Sec-20051025-1) reference RSA ACE/Agent Web 5.1 and 5.1.1 as vulnerable, exploitable via an unfiltered parameter (e.g., GET or form field like postdata) on web login f...

4.3CVSS6AI score0.01154EPSS
Exploits3References2Affected Software1
Slackware Linux
Slackware Linux
added 2003/05/21 8:32 p.m.14 views

mod_ssl RSA blinding fixes

An upgrade for modssl to version 2.8.141.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a "double fix". Wit...

6.9AI score
Exploits0
CERT
CERT
added 2003/04/23 12:0 a.m.49 views

SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension

Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS 1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...

7.5CVSS8AI score0.0628EPSS
Exploits0References13
Debian
Debian
added 2003/04/17 6:44 a.m.49 views

[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 288-1 [email protected] http://www.debian.org/security/ Martin Schulze April 17th, 2003 http://www.debian.org/security/faq -...

7.5CVSS0.3AI score0.06393EPSS
Exploits0
OSV
OSV
added 2003/04/17 12:0 a.m.61 views

DSA-288 openssl - several vulnerabilities

Bulletin has no description...

7.5CVSS8.4AI score0.06393EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2003/04/15 1:13 p.m.7 views

Important: Red Hat Security Advisory: openssl security update for Stronghold

Updated versions of Stronghold 3.0 that fix two OpenSSL vulnerabilities are now available. Stronghold 3 contains a number of open source technologies including OpenSSL. Two issues in OpenSSL have recently been discovered: OpenSSL is a commercial-grade, full-featured, and open source toolkit that...

7.5CVSS7.3AI score0.06393EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2003/04/01 3:50 p.m.8 views

Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

7.5CVSS7.3AI score0.06393EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2003/03/31 12:0 p.m.33 views

Important: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. Updated 30 May 2003 Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport...

7.5CVSS7.3AI score0.06393EPSS
Exploits0References4
NVD
NVD
added 2003/03/31 5:0 a.m.23 views

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...

5CVSS6.1AI score0.06393EPSS
Exploits0References21
OSV
OSV
added 2003/03/31 5:0 a.m.7 views

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...

6.2AI score
Exploits0References22
OSV
OSV
added 2003/03/31 5:0 a.m.3 views

DEBIAN-CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...

5CVSS8.9AI score0.06393EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2003/03/28 1:43 p.m.10 views

Important: Red Hat Security Advisory: apache, openssl security update for Stronghold

Updated versions of cross-platform Stronghold 4 are available to fix a number of vulnerabilities in OpenSSL and Apache. Stronghold 4 contains various open source technologies such as OpenSSL and Apache. A number of issues have been found in versions of these projects: Researchers discovered a...

7.5CVSS7.3AI score0.17413EPSS
Exploits8References3
Rows per page
Query Builder