SSL/TLS: Report 'Null' Cipher Suites

This routine reports all SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108022";...

Cryptsetup 2:1.7.3-2 Root Initramfs Shell Vulnerability

A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS Linux Unified Key Setup. This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend...

Low: Red Hat Security Advisory: mod_nss security, bug fix, and enhancement update

An update for modnss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

mod_nss: Invalid handling of +CIPHER operator

A flaw was found in the way modnss parsed certain OpenSSL-style cipher strings. As a result, modnss could potentially use ciphers that were not intended to be enabled...

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

The remote host supports the use of a block cipher with 64-bit blocks in one or more cipher suites. It is, therefore, affected by a vulnerability, known as SWEET32, due to the use of weak 64-bit block ciphers. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerabilit...

OWASP SSL TLS Scanning : DeepViolet

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfo...

Amazon Linux: Security Advisory (ALAS-2016-755)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)

Binary data 9700.prm...

IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)

Binary data 9713.prm...

Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVPEncodeUpdate function within file...

openssl: Padding oracle in AES-NI CBC MAC check

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

Amazon Linux AMI : openssl (ALAS-2016-755)

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. CVE-2016-2178 It was...

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog archive...

shiro: Security constraint bypass

It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...

shiro: Security constraint bypass

It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...

Debian Security Advisory DSA 3688-1 (nss - security update)

Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of da...

RedHat Update for openssl RHSA-2016:1940-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for openssl CESA-2016:1940 centos6

Check the version of openssl SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882569";...

Mozilla Reduces Threat of Export-Grade Crypto to Firefox

Logjam was one of several downgrade attacks discovered in the last 18 months that could theoretically allow a resourced attacker to take advantage of lingering export-grade cryptography to read and modify data over a supposedly secure connection. While the severity of this particular attack again...

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160927)

Security Fixes : - A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all...