190 matches found
openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)
The following vulnerabilities have been fixed in curl : - IMAP, POP3 and SMTP URL sanitization vulnerability CVE-2012-0036 - disable SSLOPDONTINSERTEMPTYFRAGMENTS CVE-2011-3389 - disable SSLOPNETSCAPEREUSECIPHERCHANGEBUG option for older openssl versions CVE-2010-4180 %NASLMINLEVEL 70300 C Tenabl...
openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)
The Opera browser received a security and bugfix update to 11.51. More information can be found here: http://www.opera.com/docs/changelogs/unix/1151/ CVE-2011-3388 - incorrect security information display CVE-2011-3389 - unspecified 'low severity issue, as reported by Thai Duong and Juliano Rizzo...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)
Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)
Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)
Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)
Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...
openSUSE Security Update : lighttpd (openSUSE-2012-110)
added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...
openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)
Fix IMAP, POP3 and SMTP URL sanitization bnc740452, CVE-2012-0036 - Disable SSLOPNETSCAPEREUSECIPHERCHANGEBUG option when built against an older OpenSSL version CVE-2010-4180. - Don't enable SSLOPDONTINSERTEMPTYFRAGMENTS bnc742306, CVE-2011-3389. %NASLMINLEVEL 70300 C Tenable Network Security,...
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...
EMC RSA BSAFE Micro Edition Suite security vulnerabilities
Few SSL related vulnerabilities in certificates chain validation and BEAST attacks...
Siemens Ruggedcom Addresses BEAST Flaw in WiMax Products
The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigation...
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...
ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities
ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: For the...
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...
Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)
According to its banner, the remote host is running a version of Kerio Connect formerly known Kerio MailServer prior to 8.1.0. It is, therefore, affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization...
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
OVERVIEW Siemens has identified a BEAST Browser Exploit Against SSL/TLS attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. Siemens has produced a firmware update...
[Beast-Check] SSL/TLS BEAST Vulnerability Check
A small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred cipher. It assumes no workaround i.e. EMPTY FRAGMENT applied in target server. Some sources said this workaround was disabled by default for compatibility reasons. This may be the reaso...
Apple Turns on BEAST Attack Mitigation by Default in Safari
Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)
The remote Oracle database server is missing the October 2013 Critical Patch Update CPU. It is, therefore, affected by multiple security vulnerabilities in the following components : - Core RDBMS - Oracle Security service - XML Parser %NASLMINLEVEL 70300 C Tenable Network Security, Inc...