EUVD-2021-26922

Malware in sbrugna...

Amazon Linux 2 : nginx (ALASNGINX1-2023-002)

The version of nginx installed on the remote host is prior to 1.20.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-002 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but...

Ubuntu: Security Advisory (USN-6379-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6379-1 vsftpd vulnerability

It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect traffic from one subdomain to another...

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

SUSE CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

Amazon Linux 2022 : vsftpd (ALAS2022-2022-172)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-172 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...

CLSA-2022-1649695737 Fix CVE(s): CVE-2021-3618

SECURITY UPDATE: Vulnerability against application layer protocol content confusion attack - debian/patches/CVE-2021-3618.patch: Drop the connection after reaching the specified number of invalid protocol commmands - CVE-2021-3618...

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

ALPINE-CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

UBUNTU-CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

PT-2021-5840

Name of the Vulnerable Software and Affected Versions vsftpd affected versions not specified Sendmail affected versions not specified Nginx affected versions not specified Description The issue is related to an application layer protocol content confusion attack, exploiting TLS servers implementi...

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6778)

This update fixes CVE-2011-1398 / CVE-2011-4388 header injection via CR. This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8264)

This update changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...