75 matches found
Security Bulletin: TLS padding vulnerability affects Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2014-8730)
Summary IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web are affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects both IBM Tivoli Access Manager for...
Security Bulletin: TLS padding vulnerability affects IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700 and 7710 (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600, 7700 and 7710. Vulnerability Details CVE-ID:...
Security Bulletin: TLS padding vulnerability affects IBM SPSS Modeler (CVE-2014-8730)
Summary Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM SPSS Modeler. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caus...
Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM® DB2® LUW. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: TLS padding vulnerability affects IBM Cognos Business Intelligence (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Cognos Business Intelligence. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
Security Bulletin: TLS padding vulnerability affects IBM Cognos Metrics Manager (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Cognos Metrics Manager Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MQ Appliance
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on...
Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ Internet Pass-Thru V2.0 (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects some versions of IBM WebSphere MQ Internet Pass-Thru SupportPac MS81. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: IBM WebSphere MQ Internet...
Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM WebSphere MQ. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by th...
Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)
The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVPEncodeUpdate function within file...
F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)
TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.'CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms : The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...
Oracle Access Manager Webgate Information Disclosure (July 2016 CPU)
Binary data oracleaccessmanagerwebgatecve20162107.nbin...
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...
Mageia: Security Advisory (MGASA-2016-0169)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : openssl (ALAS-2016-695)
A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. CVE-2016-2107 , Important It was discovered that the ASN.1 parser can misinterpret a large universal t...
openssl: multiple issues
CVE-2016-2105 buffer overflow: An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the...
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-2959-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2959-1 advisory. Huzaifa Sidhpurwala, Hanno Bck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remot...
USN-2959-1: OpenSSL vulnerabilities
Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-2108 Juraj...
OpenSSL Patches Padding Oracle Attack Bug
The latest batch of OpenSSL security patches were released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h. One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the...
Exploit for CVE-2014-3566
PoC exploit for CVE-2014-3566, a Padding Oracle On Downgraded Le...