MiracleLinux 3 : openssl-0.9.8e-26.AXS3.1 (AXSA:2013-126:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-126:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 4 : openssl-1.0.0-27.AXS4.2 (AXSA:2013-168:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-168:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

EUVD-2012-4855

Malware in sbrugna...

ABB M2M Gateway Information Disclosure in embedded OpenSSL (CVE-2012-4929)

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

RHEL 5 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gnutls: Heap read overflow in read-packet.c CVE-2017-5337 - The TLS protocol 1.2 and earlier, as used in...

SUSE CVE-2012-4930

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing...

SUSE CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

SUSE: Security Advisory (SUSE-SU-2013:0549-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2012:1428-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2013:0549-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for CVE-2012-4929

CRIME-poc CRIME attack : a compression oracle attacks CVE-20...

Android OS issue where it is affected by the CRIME attack

Overview The implementation of the TLS protocol in Android OS contains a vulnerability where plaintext HTTP headers may be obtained. The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of...

JVN#65273415: Android OS issue where it is affected by the CRIME attack

The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of the unencrypted data. When this function is enabled on both the client and server, it results in a vulnerability where plaintext HTTP...

Debian DLA-400-1 : pound security update (BEAST) (POODLE)

This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and...

[SECURITY] [DLA 400-1] pound security update

Package : pound Version : 2.6-1+deb6u1 CVE ID : CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566 This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as...

F5 Networks BIG-IP : CRIME vulnerability via TLS 1.2 protocol (K14054)

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences...

openSUSE Security Update : openssl (openSUSE-SU-2013:1630-1)

This update disables compression in openssl by default, as the varying sizes resulting from compression can be used to retrieve plaintext in various cases. CRIME attack CVE-2012-4929. This update introduces a environment variable OPENSSLNODEFAULTZLIB which can be set to 'no' to reenable compressi...

openSUSE Security Update : libqt4 (openSUSE-SU-2012:1420-1)

This update of libqt4 disabled compression to mitigate the CRIME attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-751. The text description of this plugin is C SUSE LLC...

X (Formerly Twitter): uclfinal.twitter.com and euro2012.twitter.com are vulnerable to CRIME attack

hi, i hope this one is not dup : https://www.ssllabs.com/ssltest/analyze.html?d=uclfinal.twitter.com&hideResults=on https://www.ssllabs.com/ssltest/analyze.html?d=euro2012.twitter.com&hideResults=on mohameds-iMac:Downloads mohaab007$ java -jar TestSSLServer.jar uclfinal.twitter.com Supported...

Experts Urge ECC crytpo over RSA algorithm

LAS VEGAS – Cryptographic breakthroughs have accelerated in the past six months in areas such as discrete logarithm computations that lead experts to believe that breaking the stalwart RSA algorithm may be in the not-too-distant future. A team of crypto experts today at Black Hat USA 2013 present...