
11 matches found

OSV
added 2025/03/03 6:15 p.m., 4 views

CVE-2025-27371

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 910...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 5

Malwarebytes
added 2024/05/15 11:58 a.m., 15 views

Apple and Google join forces to stop unwanted tracking

Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking. The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being...

6.7 AI score
Exploits: 0

F5 Networks
added 2022/12/15 9:58 p.m., 71 views

K00373024: Apache vulnerability CVE-2016-8743

Security Advisory Description Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...

7.5 CVSS, 6.6 AI score, 0.0978 EPSS
Exploits: 0, Affected Software: 23

Tenable Nessus
added 2018/05/24 12:0 a.m., 190 views

F5 Networks BIG-IP : Apache vulnerability (K00373024)

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

7.5 CVSS, 6.4 AI score, 0.0978 EPSS
Exploits: 0, References: 3

Malwarebytes
added 2018/03/30 3:0 p.m., 59 views

TLS 1.3 is nearly here

TLS stands for "Transport Layer Security" and it's rather important. Why's that? Oh, I'm glad you asked. Here's me, yelling my password across the office to you: "PASSWORD!!!" You heard me loud and clear, right? But so did basically anyone else nearby. Now let's work in a little TLS love and...

7 AI score
Exploits: 0

ThreatPost
added 2018/03/26 9:15 a.m., 11 views

Mozilla Tests DNS over HTTPS: Meets Some Privacy Pushback

The Mozilla Foundation is testing a new mechanism for securing domain name server traffic that uses the encrypted HTTPS channel. It is an attempt to speed up the internet, reduce the threat of man-in-the-middle attacks and keep prying eyes from monitoring what users do online. Starting in the nex...

6.7 AI score
Exploits: 0, References: 11

ThreatPost
added 2016/10/21 2:49 p.m., 11 views

Mozilla Turning TLS 1.3 On By Default With Firefox 52

When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default. Martin Thomson, a principal engineer at Mozilla, broke the news Wednesday in an email to Mozilla Development Platform members. “TLS 1.3 removes old and unsafe...

2.3 AI score
Exploits: 0, References: 4

OSV
added 2015/09/03 12:0 a.m., 17 views

DLA-304-1 openslp-dfsg - security update

Bulletin has no description...

7.5 CVSS, 7.5 AI score, 0.3547 EPSS
Exploits: 2

ThreatPost
added 2014/05/15 12:6 p.m., 9 views

IETF To Mitigate Pervasive Monitoring In Future Protocols

The Internet Engineering Task Force (IETF) has defined pervasive monitoring, otherwise known as unwarranted surveillance and analysis of Internet traffic and even the subversion of cryptographic keys, as an attack and wants future versions of IETF-sponsored protocols to be designed to mitigate it...

1.6 AI score
Exploits: 0, References: 2

ThreatPost
added 2010/12/08 5:9 p.m., 17 views

Mozilla Disables WebSockets in Firefox 4 Over Security Concerns

Officials at Mozilla have decided to disable support for WebSockets in future versions of Firefox because of concerns over the security of the current version of the protocol. The group said that demonstrations of serious attacks against WebSockets have spurred the move. Mozilla said that the...

7.3 AI score
Exploits: 0, References: 6

securityvulns
added 2005/04/13 12:0 a.m., 37 views

[Full-disclosure] Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service Revision 1.0 For Public Release 2005 April 12 1200 UTC GMT +---------------------------------------------------------------------- Contents ======== Summary Affected Products...

Exploits: 0