884 matches found
Fedora Update for python-backports-ssl_match_hostname FEDORA-2013-20200
Check for the Version of python-backports-sslmatchhostname OpenVAS Vulnerability Test Fedora Update for python-backports-sslmatchhostname FEDORA-2013-20200 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
[SECURITY] Fedora 18 Update: mod_nss-1.0.8-24.fc18
The modnss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL and Transport Layer Security TLS protocols using the Network Security Services NSS security library...
[SECURITY] Fedora 19 Update: python-backports-ssl_match_hostname-3.4.0.2-1.fc19
The Secure Sockets layer is only actually secure if you check the hostname in the certificate returned by the server to which you are connecting, and ver ify that it matches to hostname that you are trying to reach. But the matching logic, defined in RFC2818, can be a bit tricky to implemen t on...
Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates
Overview Yahoo! Japan Shopping for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Zachary Mathis of Proactive Defense Kobe Digital Labo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
PT-2013-4915 · Python +3 · Python +3
Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.4 Description: The issue arises from the ssl.match hostname function in the SSL module, which fails to properly handle a '0' character in a domain name in the Subject Alternative Name field of an X.509 certificat...
Oracle Linux 3 : openssl (ELSA-2007-0813)
From Red Hat Security Advisory 2007:0813 : Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secu...
OpenJDK: JConsole SSL support (Serviceability, 8003703)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the...
OpenJDK: JConsole SSL support (Serviceability, 8003703)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the...
Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates
Overview Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Shunsuke Taniguchi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
Fedora Update for python-backports-ssl_match_hostname FEDORA-2013-8694
Check for the Version of python-backports-sslmatchhostname OpenVAS Vulnerability Test Fedora Update for python-backports-sslmatchhostname FEDORA-2013-8694 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
Debian Security Advisory DSA 2697-1 (gnutls26 - out-of-bounds array read)
It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding. The oldstable distribution squeeze is not affected because the security fix that introduced this vulnerability was not applied ...
CentOS Update for openssl CESA-2013:0587 centos6
Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2013:0587 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Tomcat - Denial Of Service when using NIO+SSL+sendfile
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service infinite loop by terminating the connection during the reading of a...
CVE-2013-0013
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks agains...
UBUNTU-CVE-2012-5783
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
openssl: uninitialized SSL 3.0 padding
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
openssl: uninitialized SSL 3.0 padding
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
CentOS Update for openssl CESA-2010:0977 centos4 x86_64
Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2010:0977 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for openssl CESA-2012:0060 centos5
Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2012:0060 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
RedHat Update for openssl RHSA-2012:0059-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...