2866 matches found
mod_ssl SSLCipherSuite bypass
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
DEBIAN-CVE-2004-0885
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
CVE-2004-0885
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
CVE-2004-0885
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
FreeBSD : mod_ssl -- SSLCipherSuite bypass (112)
The following package needs to be updated: apache+modssl+ipv6 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg4238151d207a11d9bfe20090962cff2a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML :...
GLSA-200410-21 : Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
The remote host is affected by the vulnerability described in GLSA-200410-21 Apache 2, modssl: Bypass of SSLCipherSuite directive A flaw has been found in modssl where the 'SSLCipherSuite' directive could be bypassed in certain configurations if it is used in a directory or location context to...
CVE-2004-0885
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
CVE-2004-0885
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
mod_ssl -- SSLCipherSuite bypass
It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured...
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
An issue has been discovered in the modssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...
IPSwitch IMail Server 8.1 - Local Password Decryption Utility
/ IpSwitch IMail Server IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption scheme is relatively easy to break. In order to decrypt user password we need a key. IMail uses usernam...
Imailpwdump.cpp
/ IpSwitch IMail Server IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption scheme is relatively easy to break. In order to decrypt user password we need a key. IMail uses usernam...
IPSwitch IMail Server 8.1 - Local Password Decryption Utility
IPSwitch IMail Server 8.1 - Local Password Decryption Utility / IpSwitch IMail Server IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses polyalphabetic Vegenere cipher to encrypt its user passwords. This encryption scheme is relatively easy to break. In...
SuSE-SA:2004:007: openssl
The remote host is missing the patch for the advisory SuSE-SA:2004:007 openssl. OpenSSL is an implementation of the Secure Socket Layer SSL v2/3 and Transport Layer Security TLS v1 protocol. The NISCC informed us about to failure conditions in openssl that can be triggered to crash applications...
RHEL 2.1 : apache (RHSA-2003:244)
Updated Apache and modssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in modssl which can...
MS Windows IIS SSL Remote Denial of Service Exploit (MS04-011)
Exploit for unknown platform in category dos / poc ============================================================== MS Windows IIS SSL Remote Denial of Service Exploit MS04-011 ============================================================== / Microsoft SSL Remote Denial of Service MS04-011 Tested...
security flaw
The dochangecipherspec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that triggers a null dereference...
security flaw
The dochangecipherspec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that triggers a null dereference...
PT-2004-1028 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.6c through 0.9.6k OpenSSL versions 0.9.7a through 0.9.7c Description: The issue is related to a flaw in the do change cipher spec function that allows remote attackers to cause a denial of service via a crafted SSL/TLS...
OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake
Overview OpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Securi...