TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations...

SuSE Security Advisory SUSE-SA:2009:057 (openssl)

The remote host is missing updates announced in advisory SUSE-SA:2009:057. OpenVAS Vulnerability Test $Id: susesa2009057.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:057 openssl Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

openSUSE Security Update : libopenssl-devel (libopenssl-devel-1554)

The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's modssl was vulnerable to this kind of...

SuSE 11.2 Security Update: libopenssl-devel (2009-11-13)

The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's modssl was vulnerable to this kind of...

openSUSE Security Update : libopenssl-devel (libopenssl-devel-1554)

The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's modssl was vulnerable to this kind of...

openSUSE Security Update : compat-openssl097g (compat-openssl097g-1548)

The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's modssl was vulnerable to this kind of...

Novell eDirectory 8.8 SP5 iConsole Buffer Overflow

!/usr/bin/python Novell eDirectory 8.8 SP5 iConsole BOF Vulnerability found by Hellcode Labs, Original POC http://downloads.securityfocus.com/vulnerabilities/exploits/36815.pl Exploit coded by Matteo Memelli | ryujin A-T offensive-security.com www.offensive-security.com Spaghetti & Pwnsauce -...

Novell eDirectory 8.8 SP5 - iConsole Buffer Overflow

Novell eDirectory 8.8 SP5 - iConsole Buffer Overflow !/usr/bin/python Novell eDirectory 8.8 SP5 iConsole BOF Vulnerability found by Hellcode Labs, Original POC http://downloads.securityfocus.com/vulnerabilities/exploits/36815.pl Exploit coded by Matteo Memelli | ryujin A-T offensive-security.com...

Strict Transport Security (STS) Detection

The remote web server implements Strict Transport Security STS. The goal of STS is to make sure that a user does not accidentally downgrade the security of his or her browser. All unencrypted HTTP connections are redirected to HTTPS. The browser is expected to treat all cookies as 'secure' and to...

CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response...

Design/Logic Flaw

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response...

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

New TLS/SSL3. 0 middle attack has been published-vulnerability warning-the black bar safety net

Just have the researchers published a method for the TLS/SSL man in the middle attack, the attack 1. exploitable operable relatively strong 2. Currently there is no solution, wait for the manufacturers of the patches. 3. The affected upper-layer protocols including HTTPS,IMAP, SIP, etc. Someone...

Oracle WebLogic Server管理控制台HTML注入漏洞

BUGTRAQ ID: 36766 CVECAN ID: CVE-2009-3396 WebLogic包含多种应用系统集成方案，包括Server/Express/Integration等。 WebLogic Server的管理控制台存在HTML注入漏洞，远程攻击者可以通过提交恶意的URL请求获得WebLogic管理员的会话Cookie，之后利用这个Cookie获得对控制台的管理访问。 即使在通过HTTPS访问管理控制台和启用了管理端口的情况下也可以利用这个漏洞。 Oracle WebLogic Server 10.3 临时解决方法： 禁用WebLogic管理控制台。 厂商补丁： Orac...

HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1)

No description provided by source. =====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2009-10-30-1 ------------------------------------------------------------------------- ASPR 2009-10-30-1: HTML Injection i...

2wire routers DoS

It's possible to reboot device via TCP/50001 https Web interface without authorization...

LANDesk Management Agent Detection

Detection of LANDesk Management Agent SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100328";...

Mandrake Security Advisory MDVSA-2009:283 (cups)

The remote host is missing an update to cups announced via advisory MDVSA-2009:283. For details, please visit the referenced security advisories. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

Wget: Certificate validation error

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description The vendor reported that Wget does not properly handle Common Name CN fields in X.509 certificates that contain an ASCII NUL \0 character...