Lucene search

2872 matches found

RedHat Linux
added 2017/01/19 2:8 p.m., 95 views

Critical: Red Hat Security Advisory: java-1.6.0-sun security update

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability...

CVSS 9.6, AI score 6.7, EPSS 0.95707
Exploits 12, References 14
RedHat Linux
added 2017/01/19 1:58 p.m., 90 views

Critical: Red Hat Security Advisory: java-1.7.0-oracle security update

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerabili...

CVSS 9.6, AI score 6.8, EPSS 0.95707
Exploits 13, References 17
Hacker One
added 2017/01/18 6:23 p.m., 220 views

Nextcloud: Nextcloud.com is vulnerable to SWEET32 attack

Researchers have found a new attack against the 3DES-CBC cipher in TLS, that they can decrypt customer data using a method called SWEET32 Birthday Attack. This vulnerability has got CVE-2016-2183 and has CVSS score 5.0. This vulnerability can be found manually by simply using nmap script nmap -Pn -p...

CVSS 5, AI score 6.8, EPSS 0.95707
Exploits 7
Hacker One
added 2017/01/18 5:43 p.m., 109 views

Yelp: Yelp.com is vulnerable to SWEET32 attack

Researchers have found a new attack against the 3DES-CBC cipher in TLS, that they can decrypt customer data using a method called SWEET32 Birthday Attack. This vulnerability has got CVE-2016-2183 and has CVSS score 5.0. This vulnerability can be found manually by simply using nmap script nmap -Pn -p...

CVSS 5, AI score 7.7, EPSS 0.95707
Exploits 7
0day.today
added 2017/01/12 12:0 a.m., 50 views

Siemens SIMATIC CP 343-1 Advanced IKEv1 Cipher Suite Configuration Vulnerability

The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite configuration, which specifies the IKE and Encapsulating Security Payload ESP supported algorithms, with one cipher for each setting. It is evaluated that the configuration is not consistent with the supported...

AI score 6.9
Exploits 0
Tenable Nessus
added 2017/01/05 12:0 a.m., 369 views

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)

According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL: - A flaw exists in the ssl3_get_key_exchange function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the...

CVSS 10, AI score 8.8, EPSS 0.95707
Exploits 11, References 36
Hacker One
added 2016/12/30 7:16 a.m., 246 views

LocalTapiola: OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi

Hello Lahitapiola Security Team, I would like to make two reports: 1. Subdomain viestinta.lahitapiola.fi is vulnerable to CVE-2016-2107 . 2. All the Lahitapiola domains/subdomains in scope of bug bounty have weak cipher suites and are susceptible to various SSL related attacks. Subdomain...

CVSS 2.6, AI score 7.1, EPSS 0.89058
Exploits 6
Kitploit
added 2016/12/26 2:30 p.m., 2938 views

sslscan - tests SSL/TLS enabled services to discover supported cipher suites

This is a fork of ioerror's version of sslscan the original readme of which is included below. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 POODLE. Highlight 3DES and RC4 ciphers in output. Highlight PFS+GCM ciphers as good in output. Highlig...

CVSS 7.5, AI score 7.8, EPSS 0.99999
Exploits 87, References 4
Check Point Advisories
added 2016/12/26 12:0 a.m., 3 views

SSL TLS_FALLBACK_SCSV Cipher Suite

This protection detects SSL client requests including the TLS_FALLBACK_SCSV cipher suite...

AI score 2.4
Exploits 0
Metasploit
added 2016/12/23 10:10 p.m., 28 views

Chromecast Wifi Enumeration

This module enumerates wireless access points through Chromecast. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chromecast Wifi Enumeration', 'Description' = %q This module enumerates wireles...

AI score 7.1
Exploits 0
OpenVAS
added 2016/12/22 12:0 a.m., 3759 views

SSL/TLS: Report Vulnerable Cipher Suites for HTTPS

This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exist only on HTTPS services. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 7.5, AI score 6.8, EPSS 0.95707
Exploits 8, References 8
OSV
added 2016/12/22 12:0 a.m., 3 views

UBUNTU-CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

CVSS 7.5, AI score 7.1, EPSS 0.49024
Exploits 4, References 5
RedHat Linux
added 2016/12/15 10:11 p.m., 4 views

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

CVSS 5.9, AI score 6.9, EPSS 0.89058
Exploits 6, References 5
OSV
added 2016/11/25 4:59 p.m., 5 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 5.8, EPSS 0.00521
Exploits 0, References 2
NVD
added 2016/11/25 4:59 p.m., 25 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 5.1, EPSS 0.00521
Exploits 0, References 2
Prion
added 2016/11/25 4:59 p.m., 13 views

Information disclosure

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 4.3, AI score 6.1, EPSS 0.00521
Exploits 0, References 2, Affected Software 1
UbuntuCve
added 2016/11/25 4:59 p.m., 27 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 6.6, EPSS 0.00521
Exploits 0, References 2
OSV
added 2016/11/25 4:59 p.m., 3 views

UBUNTU-CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

CVSS 5.9, AI score 7.3, EPSS 0.00521
Exploits 0, References 3
Cvelist
added 2016/11/25 4:0 p.m., 25 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High...

AI score 5.4, EPSS 0.00521
Exploits 0, References 2
CVE
added 2016/11/25 4:0 p.m., 52 views

CVE-2016-6709

CVE-2016-6709 describes an information disclosure vulnerability in Conscrypt and BoringSSL used by Android. The issue affects Android 6.x and 7.0 prior to 2016-11-01, where a MITM attacker could access sensitive data if a non-standard cipher suite is used by an application. The root cause is an i...

CVSS 5.9, AI score 5.7, EPSS 0.00521
Exploits 0, References 2, Affected Software 1