CVE-2002-2405

CVE-2002-2405 affects Check Point FireWall-1 4.1 and NG when UserAuth is configured to proxy HTTP traffic only, permitting remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. The root cause and actionable remediation details are not provided in the co...

CVE-2002-2414

Opera 6.0.3, when used with Squid 2.4 as an HTTPS proxy, does not properly handle accepting a non-global certificate authority (CA) certificate from a site before establishing a subsequent HTTPS connection, which can allow remote attackers to cause a denial of service (crash). The connected docum...

CVE-2002-2414

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority CA certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service crash...

How to perform https man in the middle attacks-vulnerability warning-the black bar safety net

First talk about the fake certificate. First use openssl to generate a certificate, I generated here by an example. crt and example. key two, the protection of the password is 1 2 3 4 in. And then connect to the real HTTPS Server, get the real certificate. Re-starting forgery of certificate to be...

Apache Tomcat - WebDAV SSL Remote File Disclosure

Apache Tomcat - WebDAV SSL Remote File Disclosure !/usr/bin/perl ================================================================ Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL MoDiFiEd version by : h3rcul3s ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007...

Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)

No description provided by source. !/usr/bin/perl ================================================================ Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL MoDiFiEd version by : h3rcul3s ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007...

Design/Logic Flaw

Cisco Firewall Services Module FWSM 3.21, and 3.15 and earlier, allows remote attackers to cause a denial of service device reload via a crafted HTTPS request, aka CSCsi77844...

CVE-2007-5570

Cisco Firewall Services Module FWSM 3.21, and 3.15 and earlier, allows remote attackers to cause a denial of service device reload via a crafted HTTPS request, aka CSCsi77844...

Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module Advisory ID: cisco-sa-20071017-fwsm http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml Revision 1.0 For Public Release 2007 October 17 1600 UTC GMT...

CVE-2007-5384

Multiple cross-site request forgery CSRF vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistanc...

RHEL 4 / 5 : elinks (RHSA-2007:0933)

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...

Ruby Net::HTTPS library does not validate server certificate CN

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq -...

elinks reveals POST data to HTTPS proxy

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

Moderate: Red Hat Security Advisory: elinks security update

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...

Moderate: elinks security update

0.9.2-3.3.5.2 - fix elinks-0.9.2-httpspostdata.patch 303881 0.9.2-3.3.5.1 - fix 297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy 0.9.2-3.3 - fix 215731 - elinks smb protocol arbitrary file access...

Debian DSA-1380-1 : elinks - programming error

Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq -...

DSA-1380-1 elinks - information disclosure

Bulletin has no description...

CVE-2007-5162

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...