Lucene search
K

48 matches found

osv
osv
added 2016/03/01 8:59 p.m.4 views

DEBIAN-CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS9.2AI score0.82112EPSS
Exploits2References1
redhat
redhat
added 2016/03/01 3:9 p.m.5 views

OpenSSL: SSLv2 doesn't block disabled ciphers

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks...

5.9CVSS6.8AI score0.10731EPSS
Exploits2References5
osv
osv
added 2016/03/01 3:6 p.m.11 views

SUSE-SU-2016:0624-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS7.2AI score0.82112EPSS
Exploits2References17
redhat
redhat
added 2016/03/01 2:45 p.m.7 views

OpenSSL: SSLv2 doesn't block disabled ciphers

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks...

5.9CVSS6.8AI score0.10731EPSS
Exploits2References5
redhat
redhat
added 2016/03/01 2:45 p.m.6 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
redhat
redhat
added 2016/03/01 2:45 p.m.7 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
redhat
redhat
added 2016/03/01 2:44 p.m.9 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References5
redhat
redhat
added 2016/03/01 2:44 p.m.7 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
osv
osv
added 2016/02/15 2:59 a.m.1 views

DEBIAN-CVE-2015-3197

ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the getclientmasterkey and...

5.9CVSS9.2AI score0.10731EPSS
Exploits2References1
cnvd
cnvd
added 2015/04/09 12:0 a.m.4 views

IBM Domino SSLv2 Buffer Overflow Vulnerability

IBM Domino formerly known as IBM Lotus Domino is a set of platforms for hosting social business applications from IBM in the United States. The platform combines business messaging, applications and social collaboration, and provides users with real-time online communication capabilities. A buffe...

10CVSS7.7AI score0.04828EPSS
Exploits0References1
redhat
redhat
added 2015/03/30 7:58 a.m.11 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References5
redhat
redhat
added 2015/03/30 7:58 a.m.2 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
redhat
redhat
added 2015/03/23 11:4 p.m.6 views

openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...

5.9CVSS6.8AI score0.06903EPSS
Exploits0References5
redhat
redhat
added 2015/03/23 11:4 p.m.6 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
redhat
redhat
added 2015/03/23 11:4 p.m.5 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References5
redhat
redhat
added 2015/03/23 8:50 p.m.5 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References5
redhat
redhat
added 2015/03/23 8:50 p.m.3 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

5CVSS6.7AI score0.21247EPSS
Exploits0References6
osv
osv
added 2015/03/19 10:59 p.m.7 views

CVE-2015-0293

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...

6.2AI score0.21247EPSS
Exploits0References54
osv
osv
added 2015/03/19 5:10 p.m.18 views

USN-2537-1 openssl vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...

7.5CVSS7.2AI score0.44503EPSS
Exploits1References8
osv
osv
added 2015/03/18 12:0 a.m.4 views

UBUNTU-CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...

9.8CVSS7.4AI score0.03539EPSS
Exploits0References3
Rows per page
Query Builder