Lucene search
K

6 matches found

Mageia
Mageia
added 2020/01/05 3:37 p.m.28 views

Updated jss packages fix security vulnerability

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...

7.4CVSS1.8AI score0.00859EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.29 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : jss Vulnerability (NS-SA-2019-0240)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root...

7.4CVSS6.5AI score0.00859EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2019/10/16 6:37 a.m.3 views

JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle...

7.4CVSS5.7AI score0.00859EPSS
Exploits1References4
Veracode
Veracode
added 2019/10/16 12:21 a.m.18 views

Man-in-the-Middle (MitM)

JSS is vulnerable to man-in-the-middle MitM. The vulnerability exists as the OCSP policy "Leaf and Chain" implicitly trusts the root certificate...

7.4CVSS2.1AI score0.00859EPSS
Exploits1References12Affected Software1
Cvelist
Cvelist
added 2019/10/14 7:35 p.m.16 views

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...

6.8CVSS7.1AI score0.00859EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2019/10/14 12:0 a.m.4 views

PT-2019-13851 · Jss +3 · Cryptomanager +3

Name of the Vulnerable Software and Affected Versions: JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0 Description: A flaw was found in the "Leaf and Chain" OCSP policy implementation where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may...

7.4CVSS6.4AI score0.00859EPSS
Exploits1References24
Rows per page
Query Builder