Lucene search
K

5 matches found

Samba
Samba
added 2022/12/15 12:0 a.m.128 views

RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

Description This is Samba's response to Microsoft's CVE-2022-3802312. Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac also known as arcfour-hmac-md5 cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel DCE/RPC bulk encryption i...

8.1CVSS7.4AI score0.02559EPSS
Exploits0
OSV
OSV
added 2021/10/12 5:53 p.m.33 views

GHSA-48W2-RM65-62XX Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling

Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...

3.7CVSS6.3AI score0.01119EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2021/10/12 5:53 p.m.30 views

Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling

Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...

3.7CVSS6.3AI score0.01119EPSS
Exploits0References12Affected Software1
RubySec
RubySec
added 2021/10/12 12:0 a.m.32 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma

Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...

3.7CVSS6.8AI score0.01119EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/15 12:0 a.m.848 views

SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)

The remote host is affected by a man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. MitM attackers can decrypt a...

4.3CVSS6.8AI score0.99999EPSS
Exploits7References4
Rows per page
Query Builder