52 matches found
Advisory ROSA-SA-2025-2895
Software: nginx 1.20.1 OS: rosa-server79 packageevrstring: nginx-1.20.1-22.res7.2 CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Linux Distros Unpatched Vulnerability : CVE-2021-3618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, suc...
CVE-2021-3618 affecting package sendmail 8.15.2-46
CVE-2021-3618 affecting package sendmail 8.15.2-46. No patch is available currently...
Photon OS 3.0: Sendmail PHSA-2022-3.0-0382
An update of the sendmail package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0382. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RHEL 9 : nginx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: memory leak in IPv4 Off Handler CVE-2022-3638 Note that Nessus has not tested for this issue but has instead...
Amazon Linux 2 : vsftpd (ALAS-2024-2431)
The version of vsftpd installed on the remote host is prior to 3.0.2-25. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2431 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
Medium: vsftpd
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Medium: vsftpd
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Advisory ROSA-SA-2023-2269
Software: vsftpd 3.0.5 OS: ROSA-CHROME packageevrstring: vsftpd-3.0.5-1.src.rpm CVE-ID: CVE-2021-3618 BDU-ID: 2022-00351 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
Amazon Linux 2 : nginx (ALASNGINX1-2023-002)
The version of nginx installed on the remote host is prior to 1.20.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-002 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but...
Ubuntu 20.04 LTS : vsftpd vulnerability (USN-6379-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6379-1 advisory. It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-protocol attacks due to sendmail (CVE-2021-3618)
Summary sendmail is used by IBM Robotic Process Automation for Cloud Pak as part of the antivirus container. CVE-2021-3618 Vulnerability Details CVEID:CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol...
Medium: vsftpd
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Amazon Linux 2023 : vsftpd (ALAS2023-2023-019)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-019 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
Amazon Linux 2023 : sendmail, sendmail-cf, sendmail-milter (ALAS2023-2023-018)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-018 advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates...
CBL Mariner 2.0 Security Update: nginx / vsftpd (CVE-2021-3618)
The version of nginx / vsftpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3618 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing...
K000132639: ALPACA: TLS vulnerability CVE-2021-3618
Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...
SUSE SLES15 Security Update : nginx (SUSE-SU-2022:4266-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4266-1 advisory. - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed bsc1187685. Tenable has extracte...
SUSE: Security Advisory (SUSE-SU-2022:4265-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...