53 matches found
EUVD-2002-0082
Malware in sbrugna...
EUVD-2008-0565
Malware in sbrugna...
EUVD-2002-1217
Malware in sbrugna...
EUVD-2016-1780
Malware in sbrugna...
EUVD-2004-0009
Malware in sbrugna...
EUVD-2000-0785
Malware in sbrugna...
CVE-2016-10786
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...
SUSE-SU-2021:0906-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: cobbler: - Fix string replacement for @@xyz@@ - Better performing string replacements grafana-formula: - Set supported to false for unsupported systems (bsc#1182001) - Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions mgr-libmod: - Fix 'listmodules'...
Security update for openssl-1_0_0 (important)
openSUSE Security Update: Security update for openssl-1_0_0 Announcement ID: openSUSE-SU-2020:2269-1 Rating: important References: 1155346 1176029 1177479 1177575 1177673 1177793 1179491 Cross-References: CVE-2020-1971 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability an...
OpenSSL leaks ECDSA private key through a remote timing attack
Overview The OpenSSL ladder implementation for scalar multiplication of points on elliptic curves over binary fields is susceptible to a timing attack vulnerability. This vulnerability can be used to steal the private key of a TLS server that authenticates with ECDSA signatures and binary curves...
FreeBSD : Apache-SSL optional client certificate vulnerability (7557a2b1-5d63-11d8-80e3-0020ed76ef5a)
From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 (client certificates optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed...
FreeBSD Ports: apache+ssl
The remote host is missing an update to the system as announced in the referenced advisory. VID 7557a2b1-5d63-11d8-80e3-0020ed76ef5a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: apache+ssl
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
CVE-2008-0555
CVE-2008-0555 affects Apache-SSL: ExpandCert() mishandles '/' and '=' in a client certificate DN, enabling a crafted DN to overwrite environment variables and potentially bypass authentication. Affected: Apache-SSL before apache_1.3.41+ssl_1.59. Mitigation: upgrade to apache_1.3.41+ssl_1.59.
Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
According to its banner, the version of Apache-SSL running on the remote host is older than apache_1.3.41+ssl_1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...
ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59
Folks, Following information/research provided by Alexander Klink, a new release is out, fixing a low priority security issue as detailed below. The release is on the primary Apache-SSL ftp server and should hit the mirrors over the next few hours, according to their schedules. See...
Debian Security Advisory DSA 132-1 (apache-ssl)
The remote host is missing an update to apache-ssl announced via advisory DSA 132-1. OpenVAS Vulnerability Test $Id: deb1321.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 132-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 188-1 (apache-ssl)
The remote host is missing an update to apache-ssl announced via advisory DSA 188-1. OpenVAS Vulnerability Test $Id: deb1881.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 188-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...