41 matches found
DEBIAN-CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
PT-2026-52573
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...
EUVD-2002-1390
Malware in sbrugna...
EUVD-2009-5093
Malware in sbrugna...
EUVD-2016-0829
Malware in sbrugna...
K14903688: BIG-IP SSL Profile OCSP Authentication security exposure
Security Advisory Description The BIG-IP system does not properly verify the revocation of intermediate CA certificates when querying Online Certificate Status Protocol OCSP servers and may allow unauthorized connections. This issue occurs when all of the following conditions are met: You have a...
SUSE: Security Advisory (SUSE-SU-2013:1920-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2020:1584-1)
This update for gnutls fixes the following issues : CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to...
openSUSE Security Update : gnutls (openSUSE-2020-790)
This update for gnutls fixes the following issues : - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker ...
Inspecting TLS Web Traffic - Part 2
In the first blog post I covered why HTTPS web traffic has grown to unprecedented levels, provided a TLS primer and looked at the basic concept of intercepting and inspecting HTTPS web traffic with Man-In-The-Middle techniques MITM. In the second part, I will dive a bit deeper into how the TLS MI...
SUSE SLES12 Security Update : squid (SUSE-SU-2018:0636-1)
This update for squid fixes the following issues: Security issues fixed : - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esiparser bsc1077003. - CVE-2018-1000027: DoS fix caused by incorrect pointer handing whien...
Debian DLA-1266-1 : squid3 security update
Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading. CVE-2018-1000024 Incorrect pointer handling resulted in the ability of a remote server to...
[SECURITY] [DLA 1266-1] squid3 security update
Package : squid3 Version : 3.1.20-2.2+deb7u8 CVE ID : CVE-2018-1000024 CVE-2018-1000027 Debian Bug : 888719 888720 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA...
CVE-2015-4680
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...
Intermediate CA Caching Could Be Used to Fingerprint Firefox Users
The way that Firefox caches intermediate CA certificates could open the door to the fingerprinting of users and the leaking of browsing details, a researcher warned this week. Alexander Klink, a security researcher based in Germany, discovered the issue and reported it to Mozilla in January but...
CVE-2016-0818
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to...
Design/Logic Flaw
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to...
UBUNTU-CVE-2016-0818
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to...
CVE-2016-0818
The CVE affects Conscrypt’s TrustManagerImpl on Android, where caching mishandles the distinction between an intermediate CA and a trusted root CA. Affected: Android/Conscrypt versions: 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01. Impact: enables MITM by exploiting an int...
CVE-2016-0818
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to...