273 matches found
SSL handshake failure when client hello contains cipher suite "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
During the SSL handshake process in the packet trace: 1. After the client sent a "Client Hello" containing the cipher suite "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" to NetScaler, NetScaler replied with "Server Hello", "Certificate", "Server Key Exchange" and "Server Hello Done" to the client. Refer pic.1 2. client replies...
SUSE CVE-2009-2063
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...
SUSE CVE-2014-3430
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection...
SUSE CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9
Summary: Cross-reference list for security vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9 and IBM WebSphere Application Server Hypervisor 8.0.0.9. Vulnerability Details: CVE ID: CVE-2013-6323 (PI04777 and PI04880) DESCRIPTION: The Administration Console of IBM WebSphere Application...
Security Bulletin: Potential Denial of service vulnerability in IBM HTTP Server (CVE-2013-6329)
Summary: A potential denial of service vulnerability in SSL handshake processing in IBM HTTP Server (IHS). Vulnerability Details: CVEID: CVE-2013-6329 Description: Potential denial of service in SSL handshake processing. CVSS Base Score: 7.1 CVSS Temporal Score: See...
Citrix ADC occasionally not sending SNI to backend server in Client Hello
When server-side SNI + Common Name is enabled on ADC through the SSL service configuration or an SSL profile, you may sporadically find ADC not sending SNI to the backend server, which may cause backend SSL handshake failure...
CLSA-2022-1657814447 Fix CVE(s): CVE-2021-23214
SECURITY UPDATE: MITM attack introducing arbitrary SQL queries - debian/patches/CVE-2021-23214.patch: Raise error if data was received during SSL handshake - CVE-2021-23214...
postgresql: server processes unencrypted bytes from man-in-the-middle
It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...
Security Bulletin: Open Source OpenSSL, GNUTls, RHEL CVE-2016-8610 'SSL-Death-Alert' affects IBM Cisco switches and directors.
Summary: Open Source OpenSSL is used by IBM Cisco switches and directors. IBM Cisco switches and directors have addressed the CVE. Vulnerability Details: Relevant CVE Information: CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when...
OPENSUSE-SU-2021:3759-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc1192516). - Let rpmlint ignore...
SUSE-SU-2021:3757-1 Security update for postgresql96
This update for postgresql96 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc1192516)...
Security update for barrier (moderate)
openSUSE Security Update: Security update for barrier Announcement ID: openSUSE-SU-2021:1498-1 Rating: moderate References: Cross-References: CVE-2021-42072 CVE-2021-42073 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: This update for...
Cisco Web Security Appliance (WSA) Server Name Identification Data Exfiltration (cisco-sa-sni-data-exfil-mFgzXqLN)
According to its self-reported version, Cisco Web Security Appliance (WSA) is affected by a vulnerability in Server Name Identification (SNI) request filtering that allows an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised...
The vulnerability of the Server Name Identification (SNI) component of the Cisco Web Security Appliance internet server, the micro-programming software for Cisco Firepower Threat Defense network firewalls, and the intrusion detection systems allows a malicious actor to gain full control over the compromised host and unauthorized access to protected information.
The vulnerability of the Server Name Identification (SNI) component of the Cisco Web Security Appliance internet server, as well as the micro-programming software for Cisco Firepower Threat Defense and the intrusion detection system Snort, is related to SSL handshake filtering errors. Exploiting th...
CVE-2021-34749
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from...
Command injection
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from...
CVE-2021-34749 Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from...
PT-2021-3823 · Cisco · Snort +2
Name of the Vulnerable Software and Affected Versions: Cisco Web Security Appliance (affected versions not specified), Cisco Firepower Threat Defense (affected versions not specified), Snort detection engine (affected versions not specified). Description: A vulnerability in Server Name Identification (SNI)...