K14190: TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

Security Advisory Description A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. CVE-2013-0169 Note : Stream ciphers, such as RC4, are not vulnerable to this issue. Impact The vulnerability m...

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle MITM attack, despite the attacker not having gained access to t...

CVE-2 0 1 4-3 5 6 6 SSLv3 POODLE principle of analysis-vulnerability warning-the black bar safety net

0x00 background POODLE attack against SSLv3, CBC mode encryption algorithm, a padding oracle attack. This attack mode and before the BEAST attacks much like, can allow an attacker to obtain the SSL communication part of the information of the plaintext, such as coockie with. And the BEAST is...

F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)

A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. CVE-2013-0169 Note: Stream ciphers, such as RC4, are not vulnerable to this issue. C Tenable Network Security, Inc. The descriptive text and...

ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.1 host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. CVE-2013-0166 - An error...

Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

JBoss Enterprise Web Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

MS12-049: Vulnerability in TLS Could Allow Information Disclosure (2655992)

A design flaw in the CBC mode of operation on the TLS protocol can allow encrypted TLS traffic to be decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59912;...

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC...

OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities

Binary data 6129.prm...

OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities

Binary data 801059.prm...

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...