
2872 matches found

F5 Networks
added 2015/07/08 12:0 a.m. | 118 views

SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808

Refer to the FirePass section of the Vulnerability Recommended Actions section. Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be no...

CVSS 5 | AI score 7.4 | EPSS 0.74006
Exploits 0 | References 10

Tenable Nessus
added 2015/07/07 12:0 a.m. | 40 views

SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)

OpenSSL 0.9.8k was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1788: Malformed ECParameters could cause an...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits 1 | References 25

Tenable Nessus
added 2015/07/07 12:0 a.m. | 64 views

SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)

OpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits 1 | References 13

Tenable Nessus
added 2015/06/29 12:0 a.m. | 13 views

OracleVM 3.3 : nss (OVMSA-2015-0073)

The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Additional NULL initialization. - Updated the patch to keep old cipher suite order - Resolves: Bug 1224449 - Rebase to nss-3.19.1 - Resolves: Bug 1224449 ...

AI score 5.6
Exploits 0 | References 1

Tenable Nessus
added 2015/06/26 12:0 a.m. | 61 views

Oracle Linux 6 / 7 : nss (ELSA-2015-1185)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1185 advisory. nss 3.19.1-3.0.1 - Added nss-vendor.patch to change vendor 3.19.1-3 - Additional NULL initialization. 3.19.1-2 - Updated the patch to keep old cipher suite...

CVSS 4.3 | AI score 7.3 | EPSS 0.9986
Exploits 1 | References 2

Broadcom
added 2015/06/17 12:0 a.m. | 8 views

BSA-2015-1935

Security Advisory ID: BSA-2015-1935. Component: TLS protocol 1.2. Revision: 5.0. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct...

CVSS 4.3 | AI score 6.5 | EPSS 0.9986
Exploits 1

OSV
added 2015/06/12 7:59 p.m. | 7 views

CVE-2014-8176

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a deni...

AI score 8.2
Exploits 0 | References 21

RedHat Linux
added 2015/06/11 1:21 p.m. | 5 views

SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

CVSS 5 | AI score 6.7 | EPSS 0.74006
Exploits 0 | References 5

Tenable Nessus
added 2015/06/10 12:0 a.m. | 60 views

AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities : - The Global Security Kit GSKit contains a flaw due to improper restrictions of TLS state transitions. A man-in-the-middle attacker can exploit this to downgrade the security of a session to use...

CVSS 10 | AI score 7.3 | EPSS 0.98685
Exploits 0 | References 26

OpenVAS
added 2015/06/09 12:0 a.m. | 15 views

Ubuntu: Security Advisory (USN-2625-1)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 | References 4

Tenable Nessus
added 2015/06/09 12:0 a.m. | 233 views

MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)

The remote Windows host is missing KB3062760, which resolves multiple OpenSSL vulnerabilities in the Juniper Networks Windows In-Box Junos Pulse client shipped with Windows 8.1 : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows ...

CVSS 5 | AI score 7.4 | EPSS 0.98685
Exploits 0 | References 6

Ubuntu
added 2015/06/02 12:43 p.m. | 29 views

USN-2625-1: Apache HTTP Server update

As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved,...

AI score 5.3
Exploits 0 | References 2

Tenable Nessus
added 2015/06/02 12:0 a.m. | 18 views

Ubuntu 14.04 LTS : OpenSSL update (USN-2624-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2624-1 advisory. As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks. Tenable h...

AI score 5.5
Exploits 0 | References 1

Ubuntu
added 2015/06/01 5:7 p.m. | 50 views

USN-2624-1: OpenSSL update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

AI score 5.4
Exploits 0 | References 1

OSV
added 2015/06/01 5:7 p.m. | 3 views

USN-2624-1 openssl update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

CVSS 4.3 | AI score 6.2 | EPSS 0.9986
Exploits 1 | References 2

Citrix
added 2015/05/22 4:0 a.m. | 84 views

CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability

Overview A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites. This vulnerability is known as 'LogJam' and has been assigned the...

CVSS 4.3 | AI score 5.8 | EPSS 0.9986
Exploits 1

OSV
added 2015/05/21 12:59 a.m. | 1 views

DEBIAN-CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...

CVSS 3.7 | AI score 8.7 | EPSS 0.9986
Exploits 1 | References 1

OSV
added 2015/05/21 12:59 a.m. | 9 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...

CVSS 3.7 | AI score 6.1 | EPSS 0.9986
Exploits 7 | References 274

NVD
added 2015/05/21 12:59 a.m. | 21 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...

CVSS 4.3 | AI score 4.5 | EPSS 0.9986
Exploits 1 | References 217

Prion
added 2015/05/21 12:59 a.m. | 33 views

Code injection

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then...

CVSS 4.3 | AI score 6.8 | EPSS 0.9986
Exploits 7 | References 217 | Affected Software 21