PT-2016-1366 · Openssl +6 · Openssl +7

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8zf OpenSSL versions 1.0.0 prior to 1.0.0r OpenSSL versions 1.0.1 prior to 1.0.1m OpenSSL versions 1.0.2 prior to 1.0.2a Description: The issue is related to the get client master key function in the SSLv2...

[SECURITY] [DLA 177-1] openssl security update

Package : openssl Version : 0.9.8o-4squeeze20 CVE ID : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project...

OpenSSL < 0.9.8zf / 1.0.0r / 1.0.1m / 1.0.2a Multiple Vulnerabilities

Binary data 801937.prm...

Mobile Android, iOS Apps Still Vulnerable to FREAK Attacks

In the shadow of a major OpenSSL vulnerability scheduled to be announced tomorrow, lingering issues remain with mobile platforms and applications that still run versions of the crypto library vulnerable to FREAK attacks. A report published Tuesday by FireEye paints a bleak picture of vulnerable...

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...

Multiple Apple products are vulnerable to information leakage

Apple iOS is an operating system for handheld devices developed by Apple Inc. An information disclosure vulnerability exists in Apple iOS prior to 8.1.3, Apple OS X prior to 10.10.2,Apple TV prior to 7.0.3 that allows attackers to conduct a password downgrade attack via a crafted TLS traffic...

Unspecified Vulnerability in Secure Transport for Multiple Apple Products

Apple iOS, Apple TV, and Apple OS X are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition television set-top box; and Apple OS X is a specialized operating system developed for Mac computers. A security vulnerability exists in Secu...

Design/Logic Flaw

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue...

CVE-2015-1067

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue...

Microsoft Schannel Security Feature Bypass Vulnerability (3046049)

This host is missing an important security update according to Microsoft Bulletin MS15-031. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2015-1637

CVE-2015-1637 is listed in OpenSSL TLS Export Cipher Suite Downgrade advisories (FREAK family). IBM AIX/OpenSSL references indicate OpenSSL on AIX platforms is affected by export-RSA downgrade threats and provides fixes via interim patches (IV69033s9a/b/c) for openssl.base 1.0.1.513 on AIX 5.3/6....

Microsoft Schannel Vulnerable to FREAK

Microsoft today issued an advisory warning Windows users that Secure Channel, or Schannel, the Windows implementation of SSL/TLS, is vulnerable to the FREAK attack. Disclosed this week, FREAK CVE-2015-1637 is the latest big Internet bug. It affects a number of SSL clients, including OpenSSL, and...

SSL Export Cipher Suite (CVE-2015-0204; CVE-2015-1637)

Communication with SSL servers using weak, legacy "export-grade" cipher suites might be prone to attacks trying to intercept secure communications...

OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)

A vulnerability has been detected in the way OpenSSL handles TLS handshakes that use weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

SOL16139 - OpenSSL vulnerability CVE-2015-0204

The BIG-IQ and Enterprise Manager products are based on certain TMOS versions. Therefore, they are shipped with the vulnerable code, although the vulnerable components are never used in these products. Recommended Action If the previous table lists a version in the Versions known to be not...

SOL16126 - OpenSSL vulnerability CVE-2014-3572

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...