63 matches found
ECDHE-to-ECDH Downgrade Attacks
OpenSSL is vulnerable to ECDHE-to-ECDH downgrade attacks. This is due to a flaw in ssl3getkeyexchange which allows attackers to trigger a loss of forward secrecy to omitting the ServerKeyExchange message...
AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 5.3 TL 12 : nettcp (IV88957) (SLOTH) (deprecated)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 6.1 TL 9 : nettcp (IV79071) (SLOTH) (deprecated)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 6.1 TL 9 : nettcp (IV79070) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 5.3 TL 12 : nettcp (IV86120) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 6.1 TL 9 : nettcp (IV86116) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
AIX 7.2 TL 0 : nettcp (IV86132) (SLOTH)
https://vulners.com/cve/CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle...
F5 BIG-IP - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
The remote host is missing a security patch. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
Amazon Linux: Security Advisory (ALAS-2016-645)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED11 / SLES11 Security Update : mozilla-nss (SUSE-SU-2016:0189-1) (SLOTH)
This update contains mozilla-nss 3.19.2.2 and fixes the following security issue : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature bsc959888 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securi...
OpenSSL DoS Vulnerability (20151203) - Windows
OpenSSL is prone to a Denial of Service DoS vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
OpenSSL DoS Vulnerability (20151203) - Linux
OpenSSL is prone to a Denial of Service DoS vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
CentOS Update for nss CESA-2016:0007 centos6
Check the version of nss SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882360";...
RedHat Update for nss RHSA-2016:0007-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature — Mozilla
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in...
NSS -- MD5 downgrade in TLS 1.2 signatures
The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the acceptin...
USN-2830-1: OpenSSL vulnerabilities
Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10...
FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)
OpenSSL project reports : - BNmodexp may produce incorrect results on x8664 CVE-2015-3193 - Certificate verify crash with missing PSS parameter CVE-2015-3194 - X509ATTRIBUTE memory leak CVE-2015-3195 - Race condition handling PSK identify hint CVE-2015-3196 - Anon DH ServerKeyExchange with 0 p...
OpenSSL 1.0.0 < 1.0.0t Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.0t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0t advisory. - ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client,...