2866 matches found
OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm
OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm source: https://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle...
OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm
source: https://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases. OracleAS TopLink Mapping Workbenc...
Moderate: Red Hat Security Advisory: mod_ssl security update for Stronghold
An updated mod_ssl package is now available for Stronghold 4 on Red Hat Enterprise Linux that closes a security issue in certain rare configurations. Stronghold 4 contains a number of open source technologies, including the mod_ssl module which provides SSL/TLS support for Apache. Ben Laurie found ...
security flaw
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite...
Moderate: Red Hat Security Advisory: apache security update
Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl which can...
Moderate: Red Hat Security Advisory: Updated Apache and mod_ssl packages fix security vulnerabilities
Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Linux 7.1, 7.2, and 7.3. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl whi...
Apache Httpd < 2.0.47 : mod_ssl renegotiation issue
A bug in the optional renegotiation code in mod_ssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the...
[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Debian Security Advisory DSA 253-1 [email protected] http://www.debian.org/security/ Martin Schulze February 24th, 2003 http://www.debian.org/security/faq ...
DSA-253 openssl - information leak
Bulletin has no description...
CVE-1999-1085
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum...
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
Overview There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...
CVE-2001-1469
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified...
CVE-2001-1470
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message...
Weak CRC allows last block of IDEA-encrypted SSH packet to be changed without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice. Description Preconditions: Session is encrypted using IDEA cipher. Compression is disabled. SSH clients configured to use the IDEA...
Cisco Virtual Central Office 4000 (VCO4K) 5.1.3 - Remote Username Password Retrieval
Cisco Virtual Central Office 4000 (VCO4K) 5.1.3 - Remote Username Password Retrieval source: https://www.securityfocus.com/bid/1885/info A vulnerability exists in the Cisco Virtual Central Office 4000 (VCO/4K) programmable voice switch running software versions 5.13 and earlier. The usernames and...
Cisco Virtual Central Office 4000 (VCO/4K) 5.1.3 - Remote Username / Password Retrieval
source: https://www.securityfocus.com/bid/1885/info A vulnerability exists in the Cisco Virtual Central Office 4000 (VCO/4K) programmable voice switch running software versions 5.13 and earlier. The usernames and passwords for the device's SNMP administration interface are protected by a simple...
SSH connections using RC4 and password authentication can be replayed
Overview This vulnerability may allow an attacker to replay a captured SSH1 session. Description Preconditions: Client requests RC4 and the server grants request Client uses password authentication When an SSH1 session using the RC4 cipher is established, the client and server agree upon a sessio...
NetZero ZeroPort 3.0 - Weak Encryption Method
NetZero ZeroPort 3.0 - Weak Encryption Method // source: https://www.securityfocus.com/bid/1483/info NetZero is a free internet service provider which requires its users to run the application ZeroPort in order to log onto the network. The username and password are stored locally in a text file...
NetZero ZeroPort 3.0 - Weak Encryption Method
// source: https://www.securityfocus.com/bid/1483/info NetZero is a free internet service provider which requires its users to run the application ZeroPort in order to log onto the network. The username and password are stored locally in a text file called id.dat and are inadequately encrypted. The...