54 matches found
EUVD-2008-0565
Malware in sbrugna...
EUVD-2002-1217
Malware in sbrugna...
EUVD-2004-0009
Malware in sbrugna...
EUVD-2016-1780
Malware in sbrugna...
EUVD-2002-0082
Malware in sbrugna...
EUVD-2000-0785
Malware in sbrugna...
The vulnerability of the mod_ssl function in the Apache HTTP Server allows attackers to compromise the integrity of the protected information.
The vulnerability of the modssl function in the Apache HTTP Server is related to the lack of measures to neutralize special control elements. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...
CVE-2016-10786
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...
SUSE-SU-2021:0906-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: cobbler: - Fix string replacement for @@xyz@@ - Better performing string replacements grafana-formula: - Set supported to false for unsupported systems bsc1182001 - Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions mgr-libmod: - Fix 'listmodules'...
Security update for openssl-1_0_0 (important)
openSUSE Security Update: Security update for openssl-100 Announcement ID: openSUSE-SU-2020:2269-1 Rating: important References: 1155346 1176029 1177479 1177575 1177673 1177793 1179491 Cross-References: CVE-2020-1971 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability an...
OpenSSL leaks ECDSA private key through a remote timing attack
Overview The OpenSSL ladder implementation for scalar multiplication of points on elliptic curves over binary fields is susceptible to a timing attack vulnerability. This vulnerability can be used to steal the private key of a TLS server that authenticates with ECDSA signatures and binary curves...
FreeBSD : Apache-SSL optional client certificate vulnerability (7557a2b1-5d63-11d8-80e3-0020ed76ef5a)
From the Apache-SSL security advisory : If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed...
FreeBSD Ports: apache+ssl
The remote host is missing an update to the system as announced in the referenced advisory. VID 7557a2b1-5d63-11d8-80e3-0020ed76ef5a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: apache+ssl
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
CVE-2008-0555
CVE-2008-0555 affects Apache-SSL: ExpandCert() mishandles '/' and '=' in a client certificate DN, enabling a crafted DN to overwrite environment variables and potentially bypass authentication. Affected: Apache-SSL before apache_1.3.41+ssl_1.59. Mitigation: upgrade to apache_1.3.41+ssl_1.59.
Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
According to its banner, the version of Apache-SSL running on the remote host is older than apache1.3.41+ssl1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...
ANNOUNCE: Apache-SSL security release - apache_1.3.41+ssl_1.59
Folks, Following information/research provided by Alexander Klink, a new release is out, fixing a low priority security issue as detailed below. The release is on the primary Apache-SSL ftp server and should hit the mirrors over the next few hours, according to their schedules. See...
Debian Security Advisory DSA 067-1 (apache,apache-ssl)
The remote host is missing an update to apache,apache-ssl announced via advisory DSA 067-1. OpenVAS Vulnerability Test $Id: deb0671.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 067-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...