12 matches found
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
...
SUSE CVE-2022-24801
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
SUSE: Security Advisory (SUSE-SU-2014:1220-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for mozilla-nss (openSUSE-SU-2014:1232-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777)
Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant ...
Firefox < 32.0.3 NSS Signature Verification Vulnerability
The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificate...
Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)
The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...
Firefox < 32.0.3 NSS Signature Verification Vulnerability (Mac OS X)
The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificate...
Firefox ESR 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)
The version of Firefox ESR 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...
Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability
The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services NSS library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...
Google Chrome < 37.0.2062.124 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services NSS libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery of RSA...
NSS: Signature forgery attack
Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...