
145 matches found

Tenable Nessus
added 2025/02/05 12:0 a.m., 19 views

FreeBSD : nginx-devel -- SSL session reuse vulnerability (9761af78-e3e4-11ef-9f4a-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9761af78-e3e4-11ef-9f4a-589cfc10a551 advisory. The nginx development team reports: This update fixes the SSL session reuse vulnerability. Tenable has...

CVSS 5.3, AI score 5.4, EPSS 0.02557
Exploits: 0, References: 2
Positive Technologies
added 2025/02/05 12:0 a.m., 18 views

PT-2025-5738

Name of the Vulnerable Software and Affected Versions nginx versions 1.11.4 through 1.27.31 nginx version 1.26.3 nginx version 1.27.4 Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...

CVSS 5.3, AI score 8.3, EPSS 0.02557
Exploits: 0, References: 157
FreeBSD
added 2025/02/05 12:0 a.m., 253 views

nginx-devel -- SSL session reuse vulnerability

The nginx development team reports: This update fixes the SSL session reuse vulnerability...

CVSS 5.3, AI score 7, EPSS 0.02557
Exploits: 0
F5 Networks
added 2024/12/19 11:3 p.m., 31 views

K000149072: PostgreSQL vulnerabilities CVE-2015-5288, CVE-2015-3165, CVE-2014-8161, and CVE-2014-2669

Security Advisory Description CVE-2015-5288 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a...

CVSS 6.5, AI score 7.3, EPSS 0.08565
Exploits: 1
Tenable Nessus
added 2024/04/03 12:0 a.m., 43 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-581)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-581 advisory. A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname...

CVSS 5.3, AI score 6.2, EPSS 0.01102
Exploits: 1, References: 4
Amazon
added 2024/04/02 12:0 a.m., 3 views

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

CVSS 5.3, AI score 6.7, EPSS 0.01102
Exploits: 1
Amazon
added 2024/04/02 12:0 a.m., 8 views

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

CVSS 5.3, AI score 6.7, EPSS 0.01102
Exploits: 1
IBM Security Bulletins
added 2024/03/22 4:5 p.m., 47 views

Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Tomcat, Apache Commons FileUpload, and Apache Axis. A remote attacker could exploit these vulnerabilities to cause a denial of service condition, to obtain a session cookie, sensitive and Http11Processor instanc...

CVSS 8.6, AI score 8.6, EPSS 0.71653
Exploits: 7, Affected Software: 1
OSV
added 2024/02/03 2:15 p.m., 43 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.7, EPSS 0.01102
Exploits: 1, References: 6
OSV
added 2024/02/03 2:15 p.m., 7 views

AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.4, EPSS 0.01102
Exploits: 1, References: 1
Prion
added 2024/02/03 2:15 p.m., 25 views

Design/Logic Flaw

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5, AI score 7, EPSS 0.01102
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2024/02/03 1:35 p.m., 34 views

CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

AI score 5.8, EPSS 0.01102
Exploits: 1, References: 6
AlpineLinux
added 2024/02/03 1:35 p.m., 65 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 7.2, EPSS 0.01102
Exploits: 1
Veracode
added 2024/02/03 3:55 a.m., 29 views

Improper Certificate Validation

curl is vulnerable to Improper Certificate Validation. The vulnerability is due to the retention of SSL session IDs in the cache, even when the OCSP stapling verification fails. This flaw allows subsequent connections to the same hostname to succeed without proper verification if the session ID...

CVSS 5.3, AI score 6.4, EPSS 0.01102
Exploits: 1, References: 7, Affected Software: 1
CNVD
added 2024/02/02 12:0 a.m., 4 views

Haxx curl security bypass vulnerability

Haxx curl is a set of file transfer tools that work at the command line using URL syntax. A security bypass vulnerability exists in Haxx curl due to a flaw that retains the connected SSL session ID in its cache even if the authentication state OCSP binding test fails. An attacker could use this...

CVSS 5.3, AI score 6.8, EPSS 0.01102
Exploits: 1, References: 1
Tenable Nessus
added 2024/02/02 12:0 a.m., 53 views

Curl 8.5.0 < 8.6.0 Security Bypass (CVE-2024-0853)

The version of Curl installed on the remote host is between 8.5.0 prior to 8.6.0. It is, therefore, affected by a security bypass vulnerability. Curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to...

CVSS 5.3, AI score 6.4, EPSS 0.01102
Exploits: 1, References: 2
OSV
added 2024/01/31 8:0 a.m., 33 views

CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 4.8, EPSS 0.01102
Exploits: 1
UbuntuCve
added 2024/01/31 12:0 a.m., 31 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.8, EPSS 0.01102
Exploits: 1, References: 2
OSV
added 2024/01/31 12:0 a.m., 1 views

UBUNTU-CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 7.2, EPSS 0.01102
Exploits: 1, References: 3
Prion
added 2024/01/21 11:15 p.m., 19 views

Code injection

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum...

CVSS 5, AI score 7.1, EPSS 0.00468
Exploits: 1, References: 1, Affected Software: 1