Lucene search
K

87 matches found

myhack58
myhack58
added 2016/03/02 12:0 a.m.13 views

OpenSSL also new vulnerabilities, more than 1 1 0 0 million https sites affected-vulnerability warning-the black bar safety net

It is understood that recently the researchers in OpenSSL, discovered a new security vulnerability, this vulnerability will be on SSL Secure Socket Layer Security Protocol to generate a huge impact, and attacker may also favor this vulnerability to modern Web sites for attack. Affects more than 1...

Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/02 12:0 a.m.131 views

OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1s. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1s advisory. - The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a...

10CVSS7.6AI score0.82112EPSS
Exploits2References13
Cloud Foundry
Cloud Foundry
added 2016/03/02 12:0 a.m.72 views

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities | Cloud Foundry

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities High Vendor OpenSSL Versions Affected SSLv2 Description The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possess...

5.9CVSS6.1AI score0.82112EPSS
Exploits2
OSV
OSV
added 2016/03/01 8:59 p.m.4 views

DEBIAN-CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS9.2AI score0.82112EPSS
Exploits2References1
NVD
NVD
added 2016/03/01 8:59 p.m.26 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS6.6AI score0.82112EPSS
Exploits2References63
Prion
Prion
added 2016/03/01 8:59 p.m.40 views

Code injection

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

4.3CVSS5.8AI score0.82112EPSS
Exploits2References63Affected Software1
OSV
OSV
added 2016/03/01 8:59 p.m.9 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS7.1AI score
Exploits0References63
Hacker One
Hacker One
added 2016/03/01 4:45 p.m.109 views

ownCloud: DROWN Attack

Hi, I want to report a drown attack in .owncloud.com. A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable serve...

4.3CVSS0.2AI score0.82112EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2016/03/01 4:7 p.m.6 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2016/03/01 3:9 p.m.8 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

5.9CVSS6.8AI score0.82112EPSS
Exploits2References7
OSV
OSV
added 2016/03/01 3:6 p.m.11 views

SUSE-SU-2016:0624-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS7.2AI score0.82112EPSS
Exploits2References17
RedHat Linux
RedHat Linux
added 2016/03/01 2:45 p.m.55 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

5.9CVSS7AI score0.82112EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2016/03/01 2:45 p.m.64 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

5.9CVSS7AI score0.82112EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2016/03/01 2:44 p.m.64 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extended Lifecycle Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

5.9CVSS7AI score0.82112EPSS
Exploits2References10
Debian
Debian
added 2016/03/01 2:34 p.m.74 views

[SECURITY] [DSA 3500-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3500-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini March 01, 2016 https://www.debian.org/security/faq -...

10CVSS9.6AI score0.82112EPSS
Exploits2
OSV
OSV
added 2016/03/01 1:48 p.m.8 views

SUSE-SU-2016:0620-1 Security update for openssl

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS7.2AI score0.82112EPSS
Exploits2References20
OSV
OSV
added 2016/03/01 1:29 p.m.11 views

SUSE-SU-2016:0617-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS7.3AI score0.82112EPSS
Exploits2References21
OSV
OSV
added 2016/03/01 1:29 p.m.8 views

SUSE-SU-2016:0621-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS7.2AI score0.82112EPSS
Exploits2References20
UbuntuCve
UbuntuCve
added 2016/03/01 1:0 p.m.69 views

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

5.9CVSS6.9AI score0.82112EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2016/03/01 12:30 p.m.55 views

DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack

Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...

4.3CVSS0.82112EPSS
Exploits2References7
Rows per page
Query Builder