956 matches found
openSUSE Security Update : python-httplib2 (openSUSE-SU-2013:0977-1)
This update of python-httplib2 fixed broken SSL certification verification. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-415. The text description of this plugin is (C) SUSE LLC...
Fedora 19 : perl-LWP-Protocol-https-6.04-2.fc19 (2014-6369)
This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environment variable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
CVE-2014-0139
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certifica...
Design/Logic Flaw
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certifica...
Cyber Intelligence Asia 2014: CERTs and Industrial Security
In March I spoke at Cyber Intelligence Asia 2014, where CERTs from most Asian countries were presented. The fact is that only a few CERTs are now dealing in some way with industrial security, ICS and SCADA matters. One of the best of those is CERT of Japan, which is doing a great job here, and...
SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...
heartbleeder: automatically detecting OpenSSL Heartbleed, with repair guide - vulnerability warning - the black bar safety net
heartbleeder can detect whether your server has the OpenSSL CVE-2014-0160 vulnerability (the Heartbleed vulnerability). What is the Heartbleed vulnerability? CVE-2014-0160, the Heartbleed vulnerability, is a very serious OpenSSL vulnerability. This vulnerability so that...
ICS Vulnerabilities Affect Critical Infrastructure Security
Industrial control systems manufacturer, Siemens, has released new versions of its SIMATIC S7-1200 CPU family, resolving six security vulnerabilities in that product, and its SIMATIC S7-1200 PLC programmable logic controller, resolving an additional two vulnerabilities there. These patches are...
Is It Time for Certified ICS Security Specialists?
The information security field is full of certifications – CompTIA, GIAC, CHE, ISC2 CISSP, CISM, with a vast number of areas and directions within these families. In the industrial space, the most “unsecured” enterprise sector compared to well-established information security practice in most...
2 on 1 7-day Alipay the balance of treasure once again broke a major security vulnerability-vulnerability warning-the black bar safety net
Internet Security Alert on the platform a titled Taobao certification defects can login any Taobao account and Alipay me of the balance of treasure sprinkle of Vulnerability in one shot, one time each BBS, Weibo, wechat, QQ group to expand the fiery discussion, many people expressed concern about...
Code injection
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...
Amazon Linux AMI : nspr (ALAS-2013-266)
A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for...
Important: nspr
Issue Overview: A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the f...
CentOS Update for nspr CESA-2013:1829 centos6
Check for the Version of nspr. OpenVAS Vulnerability Test: CentOS Update for nspr CESA-2013:1829 centos6. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for nss-util CESA-2013:1829 centos6
Check for the Version of nss-util. OpenVAS Vulnerability Test: CentOS Update for nss-util CESA-2013:1829 centos6. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...
CentOS Update for nss CESA-2013:1829 centos6
Check for the Version of nss. OpenVAS Vulnerability Test: CentOS Update for nss CESA-2013:1829 centos6. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the term...
CentOS Update for nss-util CESA-2013:1829 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
RedHat Update for nss, nspr, and nss-util RHSA-2013:1829-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...