2872 matches found
CVE-2014-6087
CVE-2014-6087 affects IBM Security Access Manager for Mobile and Web. The issue arises from weak SSL cipher suite usage that allows remote attackers to obtain sensitive information by sniffing traffic. Affected: IBM Security Access Manager for Mobile 8.0.x before 8.0.1; IBM Security Access Manage...
CVE-2014-6084
CVE-2014-6084 affects IBM Security Access Manager for Mobile (8.0 line) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10 and 8.x before 8.0.1). Root cause: use of weak SSL ciphers enables information disclosure via network sniffing. Impact: partial confidentiality loss of transmitte...
Code injection
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which...
CVE-2014-6176
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which...
Ekahau Real-Time Location System RC4 Cipher Stream Reuse / Weak Key Derivation
Merry Christmas. --------------------------------------------------------------------- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt --------------------------------------------------------------------- modzero Security Advisory: Vulnerabilities in Ekahau Real-Time Location System...
SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability
A vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining CBC mode. An attacker could exploit the...
F5 Networks BIG-IP : TLS1.x padding vulnerability (K15882)
Incorrect TLS padding may be accepted when terminating TLS 1.x CBC cipher connections. CVE-2014-8730 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K15882. The text description of this plugin is C F5 Networks...
SOL15882 - TLS1.x padding vulnerability CVE-2014-8730
2 If you are planning to upgrade to BIG-IP APM 11.4.1 HF6 or 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.4.1 HF7 or 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The TMM process may restart and produce a core file after...
CVE-2 0 1 4-6 3 2 1 schannel heap overflow vulnerability analysis-vulnerability warning-the black bar safety net
0x00 background MS14-0 6 6 CVE-2 0 1 4-6 3 2 1 is present in Microsoft's schannel. dll in the TLS heap buffer overflow vulnerability. The following principles and poc structure for analysis. 0x01 SSL/TLS principle description Https is based on SSL/TLS Http, all http data is in the SSL/TLS Protoco...
AIX Java Advisory : java_oct2014_advisory.asc (POODLE)
The version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A privilege escalation vulnerability in the IBM Java SDK allows a local attacker to inject arbitrary code into the shared classes cache due to a flaw in the default configuration for the shared...
OracleVM 3.3 : nss (OVMSA-2014-0014)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remov...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
Issues Arise With MS14-066 Schannel Patch
Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations and it will sometim...
SSH Encryption and Connection Process
SSH Encryption and Connection Process Introduction SSH, or secure shell, is a secure protocol and the most common way of safely administering remote servers. Using a number of encryption technologies, SSH provides a mechanism for establishing a cryptographically secured connection between two...
DEBIAN-CVE-2014-8483
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service out-of-bounds read via a malformed string...