3242 matches found

Cvelist
added 2011/02/08 8:0 p.m. | 20 views

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...

AI score: 6.7 | EPSS: 0.01047
Exploits: 0 | References: 1

ThreatPost
added 2010/09/27 5:44 p.m. | 9 views

Workarounds Not Enough to Protect Against ASP.NET Attacks

Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability, suggesting that customers use a technique to block requests that specify an application error. However, the researchers who developed the attack on ASP.NET have said that the workaround is not...

AI score: 7.2
Exploits: 0 | References: 3

RedHat Linux
added 2010/05/12 4:21 p.m. | 4 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

Tenable Nessus
added 2010/04/06 12:0 a.m. | 14 views

CouchDB < 0.11.0 Timing Attack Vulnerability

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.05351
Exploits: 0 | References: 2

securityvulns
added 2010/04/05 12:0 a.m. | 34 views

Apache CouchDB timing attack

Password validation algorithm allows guessing the matching part...

CVSS: 4.3 | AI score: 3.5 | EPSS: 0.05351
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2010/04/05 12:0 a.m. | 61 views

[SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability

CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache CouchDB 0.8.0 to 0.10.1 Description: Apache CouchDB versions prior to version 0.11.0 are vulnerable to timing attacks, also known as side-channel...

CVSS: 5 | AI score: 1.1 | EPSS: 0.52716
Exploits: 1

securityvulns
added 2010/01/19 12:0 a.m. | 241 views

ezContents CMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: ezContents CMS Multiple Vulnerabilities Vendor: http://ezcontents.org/ Vulnerable Version: 2.0.3 and prior versions Exploitation: Remote with browser Fix: N/A - Description: ezContents is a nice PHP CMS which allows management of dynamic...

AI score: 8.9
Exploits: 0

RedHat Linux
added 2010/01/14 4:32 p.m. | 3 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

RedHat Linux
added 2009/12/23 5:33 p.m. | 6 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

RedHat Linux
added 2009/12/08 7:9 p.m. | 1 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

RedHat Linux
added 2009/12/08 2:56 a.m. | 3 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

Tenable Nessus
added 2009/11/30 12:0 a.m. | 38 views

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)

New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.65461
Exploits: 13 | References: 17

Cent OS
added 2009/11/18 10:19 a.m. | 80 views

java security update

CentOS Errata and Security Advisory CESA-2009:1584 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide th...

CVSS: 9.3 | AI score: 7 | EPSS: 0.65461
Exploits: 13 | References: 7

Tenable Nessus
added 2009/11/17 12:0 a.m. | 45 views

RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...

CVSS: 10 | AI score: 7 | EPSS: 0.65461
Exploits: 13 | References: 33

RedHat Linux
added 2009/11/16 3:44 p.m. | 3 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

RedHat Linux
added 2009/11/16 3:44 p.m. | 72 views

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...

CVSS: 9.3 | AI score: 7 | EPSS: 0.65461
Exploits: 13 | References: 15

RedHat Linux
added 2009/11/10 7:30 p.m. | 9 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

RedHat Linux
added 2009/11/09 3:4 p.m. | 5 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03107
Exploits: 1 | References: 4

Prion
added 2009/11/05 4:30 p.m. | 19 views

Authentication flaw

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS: 5 | AI score: 6.5 | EPSS: 0.03107
Exploits: 1 | References: 25 | Affected Software: 3

Cvelist
added 2009/11/05 4:0 p.m. | 29 views

CVE-2009-3875

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

AI score: 6.2 | EPSS: 0.03107
Exploits: 1 | References: 25