145 matches found

Positive Technologies
added 2023/12/29 12:0 a.m. · 7 views

PT-2023-8494 · Curl +2

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The issue is related to a flaw in curl where it inadvertently keeps the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. This allows a...

5.3 CVSS · 4.9 AI score · 0.01102 EPSS
Exploits 1 · References 45

OpenVAS
added 2023/03/08 12:0 a.m. · 19 views

Debian: Security Advisory (DLA-55-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 6.6 AI score · 0.05654 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:28 a.m. · 3 views

SUSE CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3 CVSS · 7.1 AI score · 0.05654 EPSS
Exploits 0 · References 5

Citrix
added 2023/01/27 12:0 a.m. · 6 views

How to identify if SSL session is being reused

To identify if SSL Session reuse is being used or not...

7.1 AI score
Exploits 0

Citrix
added 2020/10/19 12:0 a.m. · 12 views

SSL Renegotiation Process and Session Reuse on ADC Appliance

This article contains information about the SSL renegotiation and session reuse on an ADC appliance. SSL Renegotiation Process on an ADC Appliance: The SSL renegotiation process is the new SSL handshake process over an established SSL connection. The SSL renegotiation process can establish another...

7 AI score
Exploits 0

OSV
added 2019/02/05 7:29 p.m. · 2 views

CVE-2019-6590

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic...

5.9 CVSS · 6.2 AI score · 0.01473 EPSS
Exploits 0 · References 2

Cvelist
added 2019/02/05 7:0 p.m. · 26 views

CVE-2019-6590

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic...

5.7 AI score · 0.01473 EPSS
Exploits 0 · References 2

IBM Security Bulletins
added 2019/01/31 1:55 a.m. · 16 views

Security Bulletin: Vulnerability in SSLv3 affects Integrated Management Module 2 (IMM2) (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Integrated Management Module 2 IMM2. Vulnerability Details Summary SSLv3 contains a vulnerability that has been referred to as the Padding Orac...

4.3 CVSS · 0.2 AI score · 0.99999 EPSS
Exploits 7

Tenable Nessus
added 2019/01/30 12:0 a.m. · 20 views

F5 Networks BIG-IP : TMM vulnerability (K55101404)

Under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. CVE-2019-6590 Impact BIG-IP This vulnerability may result as a denial-of-service DOS attack on the affected BIG-IP system when the system consumes excessive memory resources. This...

7.1 CVSS · 5.9 AI score · 0.01473 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2018/11/05 12:0 a.m. · 18 views

Nginx < 1.7.5 SSL Session Reuse

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the fi...

4.3 CVSS · 6.8 AI score · 0.05654 EPSS
Exploits 0 · References 8

Cvelist
added 2018/05/17 1:0 p.m. · 20 views

CVE-2017-15533

Symantec SSL Visibility SSLV 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. All affected SSLV versions act as weak oracles according to the oracle classification used in the ROBOT research paper. A remo...

5.5 AI score · 0.01929 EPSS
Exploits 0 · References 2

Cvelist
added 2018/05/17 1:0 p.m. · 37 views

CVE-2017-18268

Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ROBOT attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required...

5.5 AI score · 0.01609 EPSS
Exploits 0 · References 2

NVD
added 2017/02/09 3:59 p.m. · 26 views

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

7.5 CVSS · 7.3 AI score · 0.74 EPSS
Exploits 7 · References 8

Prion
added 2017/02/09 3:59 p.m. · 29 views

Design/Logic Flaw

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

5 CVSS · 6.7 AI score · 0.74 EPSS
Exploits 7 · References 8 · Affected Software 10

Cvelist
added 2017/02/09 3:0 p.m. · 32 views

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

6.3 AI score · 0.74 EPSS
Exploits 7 · References 8

RedHat Linux
added 2016/11/17 8:33 p.m. · 3 views

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

8.1 CVSS · 7.2 AI score · 0.10573 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2016/05/24 12:0 a.m. · 14 views

Apache Tomcat 7.0.x < 7.0.67 / 8.0.x < 8.0.32 Session Hijacking

Binary data 9314.prm...

8.1 CVSS · 7.3 AI score · 0.10573 EPSS
Exploits 0 · References 6

Cvelist
added 2016/04/14 3:0 p.m. · 26 views

CVE-2015-8677

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008,...

6.3 AI score · 0.01114 EPSS
Exploits 0 · References 1

Apache Tomcat
added 2016/01/05 12:0 a.m. · 59 views

Fixed in Apache Tomcat 9.0.0.M3

Moderate: Security Manager bypass CVE-2016-0763 This issue only affects users running untrusted web applications under a security manager. ResourceLinkFactory.setGlobalContext is a public method and was accessible to web applications even when running under a security manager. This allowed a...

8.8 CVSS · 7.8 AI score · 0.1838 EPSS
Exploits 0 · Affected Software 1

Prion
added 2015/12/18 11:59 a.m. · 15 views

Design/Logic Flaw

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437...

5 CVSS · 7.3 AI score · 0.01733 EPSS
Exploits 0 · References 2 · Affected Software 1