Lucene search
K

25 matches found

CNVD
CNVD
added 2016/03/02 12:0 a.m.4 views

OpenSSL Bleichenbacher oracle vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. OpenSSL 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and earlier versions have a security vulnerability in export key combinations applying...

5.9CVSS7.4AI score0.06903EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/07/23 7:20 p.m.14 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

4.3CVSS6.6AI score0.9986EPSS
Exploits1References6
CNVD
CNVD
added 2015/03/05 12:0 a.m.2 views

SSL/TLS Cryptographic Degradation Man-in-the-Middle Hijacking Vulnerability

SSL/TLS is a cryptographic application. SSL/TLS has a security vulnerability that can lead to an attack known as FREAK Factoring RSA Export Keys, which can be exploited by an attacker to reduce the level of encryption and decrypt communications through a man-in-the-middle attack...

6.8AI score
Exploits0References1
OSV
OSV
added 2015/01/09 2:59 a.m.3 views

DEBIAN-CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3CVSS7.2AI score0.98685EPSS
Exploits0References1
OSV
OSV
added 2015/01/08 12:0 a.m.5 views

UBUNTU-CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3CVSS7AI score0.98685EPSS
Exploits0References3
Rows per page
Query Builder