TLS Export-Grade Key Exchange Detection

Binary data 7168.pasl...

TLS Export-Grade Key Exchange Detection (Client)

Binary data 7169.pasl...

JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

GSKit in IBM Tivoli Directory Server ITDS 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server ISDS 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict T...

JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

GSKit in IBM Tivoli Directory Server ITDS 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server ISDS 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict T...

Researchers Wary of Wassenaar Arrangement Proposed Rules

Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act CFAA that include stiff penalties for what today is considered legitimate offensive research, are worried about another impending punch to the gut. The Commerce Department’s Bureau of Industry a...

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs

Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...

LogJam — This New Encryption Glitch Puts Internet Users at Risk

After HeartBleed, POODLE and FREAK encryption flaws, a new encryption attack has been emerged over the Internet that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, an...

UBUNTU-CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)

According to its self-reported version number, the Apache Tomcat server listening on the remote host is 8.0.x prior to 8.0.21. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is...

WordPress Custom Contact Forms Plugin <= 5.1.0.3 - Database Import/Export

This plugin is prone to a database import/export vulnerabilities. Solution Update the plugin...

openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method...

JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

GSKit in IBM Tivoli Directory Server ITDS 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server ISDS 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict T...

JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)

GSKit in IBM Tivoli Directory Server ITDS 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server ISDS 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict T...

Multiple Cross-Site Scripting Vulnerabilities in Pimcore userClassController.php

Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. The exportClassAction and exportCustomLayOutDefinitionAction functions in the Pimcore userClassController.php script fail to properly handle the 'id' GET parameter, allowing remote attackers to exploit...

Packet Sender - The UDP and TCP Network Test Utility

Packet Sender is an open source utility to allow sending and receiving TCP and UDP packets. It is available free no ads / no bundleware for Windows , Mac , and Linux. It can be used for both commercial and personal use license. It's designed to be very easy to use while still providing enough...

[SECURITY] Fedora 22 Update: drupal7-ctools-1.7-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method...

openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method...