16 matches found
Mageia: Security Advisory (MGASA-2020-0018)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated jss packages fix security vulnerability
Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...
NewStart CGSL CORE 5.05 / MAIN 5.05 : jss Vulnerability (NS-SA-2019-0240)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root...
NewStart CGSL CORE 5.04 / MAIN 5.04 : jss Vulnerability (NS-SA-2019-0219)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root...
RHEL 7 : jss (RHSA-2019:3225)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3225 advisory. Java Security Services JSS provides an interface between Java Virtual Machine and Network Security Services NSS. It supports most of the security...
Important: Red Hat Security Advisory: jss security update
An update for jss is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Fedora 31 : jss (2019-24a0a2f24e)
Security fix for CVE-2019-14823 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora 30 : jss (2019-68c2fbcf82)
Security fix for CVE-2019-14823 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
CentOS Update for jss CESA-2019:3067 centos7
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : jss on SL7.x x86_64 (20191016)
Security Fixes : - JSS: OCSP policy 'Leaf and Chain' implicitly trusts the root certificate CVE-2019-14823 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. C...
Oracle Linux 7 : jss (ELSA-2019-3067)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3067 advisory. Thu Sep 12 2019 Dogtag PKI Team [email protected] 4.4.6-3 - NVR bump 4.4.6-2 - Bugzilla 1747966 - CVE 2019-14823 jss: OCSP policy 'Leaf and Chain' implicitly...
Important: Red Hat Security Advisory: jss security update
An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2019-14823
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...
CVE-2019-14823
The CVE-2019-14823 issue affects JSS: Leaf and Chain OCSP policy in CryptoManager (versions after 4.4.6, 4.5.3, 4.6.0) implicitly trusts the root certificate, potentially breaking chain verification and enabling MITM. Several connected advisories (Mageia MGASA-2020-0018, Red Hat RHSA-2019:3225, F...
CVE-2019-14823
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...
JSS CryptoManager CVE-2019-14823 Security Bypass Vulnerability
...