Lucene search
K

62 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.41 views

openSUSE Security Update : lighttpd (openSUSE-2012-110)

added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...

5CVSS6.4AI score0.23076EPSS
Exploits8References2
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.117 views

ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...

4.3CVSS0.1AI score0.73327EPSS
Exploits4
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.115 views

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities

ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...

9CVSS0.4AI score0.73327EPSS
Exploits13
ICS
ICS
added 2014/01/09 7:0 a.m.51 views

Siemens Ruggedcom WIN Products BEAST Attack Vulnerability

OVERVIEW Siemens has identified a BEAST Browser Exploit Against SSL/TLS attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. Siemens has produced a firmware update...

4.3CVSS7.5AI score0.73327EPSS
Exploits4References10
ThreatPost
ThreatPost
added 2013/11/04 9:52 a.m.22 views

Apple Turns on BEAST Attack Mitigation by Default in Safari

Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...

7.2AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/10/23 4:26 p.m.5 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
ThreatPost
ThreatPost
added 2013/08/01 3:43 p.m.13 views

Experts Urge ECC crytpo over RSA algorithm

LAS VEGAS – Cryptographic breakthroughs have accelerated in the past six months in areas such as discrete logarithm computations that lead experts to believe that breaking the stalwart RSA algorithm may be in the not-too-distant future. A team of crypto experts today at Black Hat USA 2013 present...

Exploits0
Tenable Nessus
Tenable Nessus
added 2013/05/09 12:0 a.m.54 views

SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8557)

This update of compat-curl2 fixes several security issues. - fixes for the cookie domain tailmatch vulnerability. bnc814655 - updated curl CA-Cert Bundle. bnc810010 - fixes for a potential BEAST attack bnc742306 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

5CVSS8.8AI score0.04986EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.24 views

Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)

Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...

5.8CVSS6.8AI score0.73327EPSS
Exploits4References4
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.114 views

ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities

ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: All versio...

7.5CVSS0.5AI score0.73327EPSS
Exploits12
CheckPoint Security
CheckPoint Security
added 2012/10/15 10:0 p.m.31 views

Check Point response to CVE-2011-3389 aka BEAST attack

...

4.3CVSS1.5AI score0.73327EPSS
Exploits4Affected Software6
ThreatPost
ThreatPost
added 2012/09/13 4:45 a.m.25 views

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...

1.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2012/09/06 12:0 a.m.39 views

Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)

Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...

5.8CVSS6.8AI score0.73327EPSS
Exploits4References4
OpenVAS
OpenVAS
added 2012/09/04 12:0 a.m.29 views

Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)

Check for the Version of fetchmail OpenVAS Vulnerability Test Mandriva Update for fetchmail MDVSA-2012:149 fetchmail Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

5.8CVSS0.1AI score0.73327EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2012/08/30 12:0 a.m.30 views

FreeBSD Ports: fetchmail

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3CVSS7AI score0.73327EPSS
Exploits4
CheckPoint Security
CheckPoint Security
added 2012/05/16 9:0 p.m.9 views

Mitigating the BEAST attack in R75.40VS, R75.46 and R76

...

1.7AI score
Exploits0Affected Software2
OpenVAS
OpenVAS
added 2012/04/30 12:0 a.m.29 views

Debian: Security Advisory (DSA-2398-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.73327EPSS
Exploits4References3
The Hacker News
The Hacker News
added 2012/04/27 11:11 a.m.11 views

90% SSL sites vulnerable to the BEAST SSL attack

90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL Secure Sockets Layer attack, according to a report released Thursday by the Trustworthy Internet Movement TIM, a nonprofit organization dedicated to solving Internet security, privacy and reliability...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/04/23 4:52 p.m.4 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2012/02/29 2:46 p.m.5 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.7AI score0.73327EPSS
Exploits4References4
Rows per page
Query Builder