2872 matches found
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
Exploit for CVE-2014-3566
PoC exploit for CVE-2014-3566, a Padding Oracle On Downgraded Le...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2015:0190-1) (POODLE)
OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs : - Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols ...
Security update for java-1_7_0-openjdk (important)
OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs: Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: ref More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols -...
RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0085)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0085 advisory. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A fl...
CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0085) (POODLE)
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit
This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...
UBUNTU-CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...