134 matches found
CVE-2013-4238
CVE-2013-4238 concerns the Python ssl.match_hostname handling of NULL characters in a domain name within the SAN of an X.509 certificate. Public sources in the initial and connected documents confirm that this flaw could enable MITM spoofing of SSL servers when certificates from trusted CAs are u...
MGASA-2013-0250 Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...
CVE-2013-1621
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...
Code injection
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...
CVE-2010-4334
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions...
Design/Logic Flaw
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions...
Cross-site scripting cookie theft
Added: 03/09/2010. Background: Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the `<script>` tag and handle them accordingly. Problem: By sending an HTTP request...
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
INTERNET SECURITY AUDITORS ALERT 2009-013 - Original release date: December 7th, 2009 - Last revised: December 16th, 2009 - Discovered by: David Eduardo Acosta Rodriguez - Severity: 4/10 CVSS Base Score I...
Solaris 2.6 (sparc) : 106830-01
The remote host is missing Sun Security Patch number 106830-01 Netra-j 2.1: make ssl module work as client, domestic US only. Date this patch was last updated by Sun : Tue Jan 12 17:00:00 MST 1999 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ Th...
Solaris 2.5.1 (sparc) : 106830-01
The remote host is missing Sun Security Patch number 106830-01 Netra-j 2.1: make ssl module work as client, domestic US only. Date this patch was last updated by Sun : Tue Jan 12 17:00:00 MST 1999 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ Th...
Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)
Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. (CAN-2005-1268) Watchfire...
[Full-disclosure] Cisco Security Advisory: Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability
Cisco Security Advisory: Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability. Document ID: 67919 Revision 1.0 For Public Release 2005 October 19...