5 matches found
RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
Description This is Samba's response to Microsoft's CVE-2022-3802312. Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac also known as arcfour-hmac-md5 cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel DCE/RPC bulk encryption i...
GHSA-48W2-RM65-62XX Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)
The remote host is affected by a man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. MitM attackers can decrypt a...