Lucene search
+L

357 matches found

OpenSSL
OpenSSL
added 2014/08/06 12:0 a.m.58 views

Vulnerability in OpenSSL - OpenSSL TLS protocol downgrade attack

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher...

5.6AI score0.13327EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/04/16 12:0 a.m.39 views

AIX OpenSSL Advisory : openssl_advisory2.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and possibly obtain sensitive information in applications that use...

7.6CVSS8.2AI score0.22145EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2013/11/13 12:0 a.m.122 views

ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the tzfileread function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone TZ file, to cause a denial of service or the execution of...

9.3CVSS9.1AI score0.17687EPSS
Exploits13References28
Kitploit
Kitploit
added 2013/07/24 12:24 a.m.15 views

[SET v5.2] The Social-Engineer Toolkit "Urban Camping"

The Social-Engineer Toolkit SET version 5.2 codename “Urban Camping” has been released. This version adds a complete rewrite of the PowerShell injection techniques within SET and incorporates an automatic process downgrade attack detailed here:...

8.4AI score
Exploits0References1
OSV
OSV
added 2013/03/20 4:55 p.m.2 views

DEBIAN-CVE-2013-1654

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors...

5CVSS6.8AI score0.02947EPSS
Exploits0References1
CVE
CVE
added 2013/03/20 4:0 p.m.90 views

CVE-2013-1654

CVE-2013-1654 affects Puppet 2.7.x prior to 2.7.21, Puppet 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2. The issue arises from how SSL protocol negotiation occurs between client and master, enabling remote attackers to perform SSLv2 downgrade attacks against SSLv3 sessions via...

5CVSS6.4AI score0.02947EPSS
Exploits0References8Affected Software2
Prion
Prion
added 2012/12/20 12:2 p.m.27 views

Design/Logic Flaw

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack...

9.3CVSS6.8AI score0.0249EPSS
Exploits0References2Affected Software1
Metasploit
Metasploit
added 2012/11/29 4:1 a.m.53 views

Windows NetLM Downgrade Attack

This module changes the system LmCompatibilityLevel registry value to enable sending LM challenge hashes and initiates a SMB connection to the host specified in the SMBHOST module option. If an SMB server is listening, it will receive the NetLM hashes for the session user. This module requires...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2010/12/23 12:0 a.m.41 views

Ubuntu Update for openssl vulnerabilities USN-1029-1

Ubuntu Update for Linux kernel vulnerabilities USN-1029-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10291.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openssl vulnerabilities USN-1029-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

4.3CVSS0.1AI score0.09497EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/12/14 12:0 a.m.40 views

RHEL 4 : openssl (RHSA-2010:0977)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0977 advisory. - openssl: NETSCAPEREUSECIPHERCHANGEBUG downgrade-to-disabled ciphersuite attack CVE-2008-7270 - openssl: missing bnwexpand return value...

10CVSS7.1AI score0.09497EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2010/12/14 12:0 a.m.35 views

RHEL 6 : openssl (RHSA-2010:0979)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2010:0979 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols, as well as a full-strength,...

4.3CVSS6.9AI score0.09497EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2010/12/13 6:13 p.m.8 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

4.3CVSS6.9AI score0.09497EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/12/07 12:0 a.m.56 views

OpenSSL 1.0.0 < 1.0.0c Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0c. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0c advisory. - OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allo...

7.5CVSS7.1AI score0.09497EPSS
Exploits1References5
OSV
OSV
added 2010/12/06 9:5 p.m.8 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

7.3AI score
Exploits0References67
CVE
CVE
added 2010/12/06 9:0 p.m.162 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.09497EPSS
Exploits0References50Affected Software1
RedHat Linux
RedHat Linux
added 2008/05/20 2:15 p.m.7 views

openssl mitm downgrade attack

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...

5CVSS6.9AI score0.04866EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2005/12/19 5:29 p.m.5 views

openssl mitm downgrade attack

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...

5CVSS6.6AI score0.04866EPSS
Exploits0References4
Rows per page
Query Builder