Lucene search
K

1332 matches found

FreeBSD Advisory
FreeBSD Advisory
added 2015/06/12 12:0 a.m.36 views

FreeBSD-SA-15:10.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-06-12 Affects: All...

7.5CVSS6.4AI score0.9986EPSS
Exploits1
ThreatPost
ThreatPost
added 2015/06/11 1:48 p.m.42 views

OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack

The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software. Most of the vulnerabilities fixed in the new releases are denial-of-service bugs, but one of them can potentially...

4.3CVSS0.5AI score0.9986EPSS
Exploits1References3
Opera Security Advisories
Opera Security Advisories
added 2015/06/09 12:0 a.m.9 views

Unjam the logjam

Security Unjam the logjam Share June 9th, 2015 When a browser and website communicate over a secure connection, they encrypt and decrypt the data using a shared symmetric encryption key; the same key is used for encryption and decryption. In order for the browser and server to make sure they use...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2015/06/09 12:0 a.m.34 views

CentOS Update for openssl CESA-2015:1072 centos7

Check the version of openssl SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882194";...

4.3CVSS5.4AI score0.9986EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/06/09 12:0 a.m.43 views

RedHat Update for openssl RHSA-2015:1072-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.6AI score0.9986EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/06/05 12:0 a.m.86 views

CentOS 6 / 7 : openssl (CESA-2015:1072) (Logjam)

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

4.3CVSS7.1AI score0.9986EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2015/06/04 5:49 p.m.92 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

4.3CVSS6AI score0.9986EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2015/05/28 12:0 a.m.3301 views

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time depending on modulus size and attacker resources. This may allow an attacker to...

4.3CVSS7.2AI score0.9986EPSS
Exploits1References2
myhack58
myhack58
added 2015/05/24 12:0 a.m.58 views

Logjam attacks-the new encryption bug affects a large number of users-bug warning-the black bar safety net

Diffie-Hellman key exchange technology is one of the popular encryption algorithm which allows the Internet Protocol uses a shared key and a secure link. It is a multi-Protocol based including HTTPS, SSH, IPsec, SMTPS and some rely on the TLS Protocol. We have found a number of Diffie-Hellman key...

0.6AI score
Exploits0
Citrix
Citrix
added 2015/05/22 4:0 a.m.85 views

CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability

Overview A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites. This vulnerability is known as 'LogJam' and has been assigned the...

4.3CVSS5.8AI score0.9986EPSS
Exploits1
OSV
OSV
added 2015/05/21 12:59 a.m.2 views

DEBIAN-CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

3.7CVSS8.7AI score0.9986EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2015/05/21 12:0 a.m.6 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

6.1AI score0.9986EPSS
Exploits1References217
CNVD
CNVD
added 2015/05/21 12:0 a.m.4 views

TLS protocol man-in-the-middle attack vulnerability

TLS Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating applications. A security vulnerability exists in the TLS protocol version 1.2 and earlier. When the server enabled the DHEEXPORT cipher suite, the program failed to...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2015/05/20 7:28 a.m.9 views

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs

Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...

6.8AI score
Exploits0References9
The Hacker News
The Hacker News
added 2015/05/20 2:36 a.m.14 views

LogJam — This New Encryption Glitch Puts Internet Users at Risk

After HeartBleed, POODLE and FREAK encryption flaws, a new encryption attack has been emerged over the Internet that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, an...

5.9AI score
Exploits0
OSV
OSV
added 2015/05/20 12:0 a.m.3 views

UBUNTU-CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

3.7CVSS6.2AI score0.9986EPSS
Exploits1References17
Check Point Advisories
Check Point Advisories
added 2015/05/20 12:0 a.m.5 views

TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)

A vulnerability has been detected in the way TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...

5CVSS0.8AI score0.9986EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/05/20 12:0 a.m.81 views

SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:0281-1)

This strongswan update fixes the following security and non security issues. - Disallow brainpool elliptic curve groups in fips mode bnc856322. - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellma...

5CVSS7.7AI score0.03823EPSS
Exploits0References7
CNVD
CNVD
added 2015/05/14 12:0 a.m.4 views

Microsoft windows Schannel weak Diffie-Hellman ephemeral key length sensitive information disclosure vulnerability

Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows Schannel when a 512-bit weak Diffie-Hellman ephemeral key length is used in an encrypted TLS session, which allows remote attackers to decrypt the weak key and obtain sensitive information by...

5CVSS6.5AI score0.20926EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/05/13 10:0 a.m.24 views

CVE-2015-1716

Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral DHE key lengths, which makes it easier for...

6.3AI score0.20926EPSS
Exploits0References3
Rows per page
Query Builder