Vulnerabilities that (mostly) aren’t: LUCKY13

TL;DR LUCKY13 is more an attack than a vulnerability LUCKY13 was patched over a decade ago … so it’s really unlikely that your server is vulnerable now Its an implementation issue Disabling CBC ciphers is still a good idea … but not because of susceptibility to LUCKY13 There is no material risk i...

K10065173: TMM TLS virtual server vulnerability CVE-2019-6593

Security Advisory Description A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah Attack" for SSL/TLS affects IBM Sterling Connect:Direct for Microsoft Windows. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Sterling Connect:Direct for UNIX (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Sterling Connect:Direct for UNIX. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

Code injection

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

CVE-2019-6593

CVE-2019-6593 affects BIG-IP TMM TLS/Client SSL CBC-mode sessions on versions 11.5.1–11.5.4, 11.6.1 and 12.1.0, enabling plaintext recovery via a chosen-ciphertext MITM without server private-key access. F5 advisory K10065173 documents affected branches: 12.x vulnerable in 12.1.0 with fixes in 12...

CVE-2019-6593

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the...

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...

Citrix NetScaler Gateway TLS Padding Oracle Vulnerability (CTX240139)

The remote Citrix NetScaler device is affected by a TLS padding oracle vulnerability. An attacker may be able to leverage this vulnerability to decrypt TLS traffic. Please refer to advisory CTX240139 for more information. Note appliances with all CBC-based ciphers disabled are not affected by thi...

sslscan - tests SSL/TLS enabled services to discover supported cipher suites

This is a fork of ioerror's version of sslscan the original readme of which is included below. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 POODLE. Highlight 3DES and RC4 ciphers in output. Highlight PFS+GCM ciphers as good in output. Highlig...

SOL39508724 - TMM SSL/TLS virtual server vulnerability CVE-2016-6907

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

Gratipay: bring grtp.co up to A grade on SSLLabs

Issues at https://grtp.co/ reference for Weak SSL Ciphers:https://www.owasp.org/index.php/TestingforWeakSSL/TLSCiphers,InsufficientTransportLayerProtectionOTG-CRYPST-001 Weak SSL Ciphers supported at port 443: TLS 1.0: TLSECDHERSAWITH3DESEDECBCSHA ec 256 - C TLSDHERSAWITH3DESEDECBCSHA dh 1024 - D...

ssl-poodle NSE Script

Checks whether SSLv3 CBC ciphers are allowed POODLE Run with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL. POODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are...

Debian Security Advisory DSA 2368-1 (lighttpd)

The remote host is missing an update to lighttpd announced via advisory DSA 2368-1. OpenVAS Vulnerability Test $Id: deb23681.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2368-1 lighttpd Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian: Security Advisory (DSA-2368-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)

Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. - CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing...

[SECURITY] [DSA 2368-1] lighttpd security update

--------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2381-] lighttpd security update

--------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...

DSA-2368-1 lighttpd - several

Bulletin has no description...