Lucene search
+L

87 matches found

thn
thn
added 2016/03/01 7:11 a.m.45 views

DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer SSLv2. Dubbed DROWN, the highly critical security hole in OpenS...

4.3CVSS6.1AI score0.05398EPSS
Exploits1
openssl
openssl
added 2016/03/01 12:0 a.m.56 views

Vulnerability in OpenSSL - Bleichenbacher oracle in SSLv2

This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address the vulnerability CVE-2015-0293. s2srvr.c overwrite the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. This provides a...

6.5AI score0.21247EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2016/03/01 12:0 a.m.38 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

6.2AI score0.82112EPSS
Exploits2References63
osv
osv
added 2016/03/01 12:0 a.m.56 views

DSA-3500-1 openssl - security update

Bulletin has no description...

10CVSS6.5AI score0.53655EPSS
Exploits1
cisa
cisa
added 2016/03/01 12:0 a.m.15 views

SSLv2 DROWN Attack

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to decrypt individual messages from a server supporting SSLv2...

6.5AI score
Exploits0References2
nessus
nessus
added 2016/03/01 12:0 a.m.740 views

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN Decrypting RSA with Obsolete and Weakened eNcryption. This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 SSLv...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References3
cert
cert
added 2016/03/01 12:0 a.m.129 views

Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

Overview Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the "DROWN" attack in the media. Description According to the researcher, "DROWN" is a new form of cross-protocol Bleichenbacher padding oracle...

5.9CVSS6.5AI score0.82112EPSS
Exploits2References3
Rows per page
Query Builder