14 matches found
EUVD-2013-0208
Malware in sbrugna...
Security Bulletin: IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)
Abstract CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky...
Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2013, April 2013
Summary Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM Tivoli Storage Productivity Center. Vulnerability Details IBM Tivoli Storage Productivity Center 5.x and 4.x are shipped with an IBM Java SDK that is based on the Oracle JDK. Oracle released February 2013...
IBM HTTP Server 8.5.0.0 <= 8.5.0.2 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.27 / 6.1.0.0 <= 6.1.0.45 (491407)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement duri...
Khan Academy: SSL/TLS Vulnerability at khanacademy.org
CVE - 2011 - 3389 Description : The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle...
Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)
Multiple vulnerabilities has been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service NULL pointer dereference and...
Ubuntu 12.04 LTS / 12.10 : openssl vulnerability (USN-1732-3)
USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. We apologize for the inconvenience. Adam...
[USN-1763-1] NSS vulnerability
========================================================================== Ubuntu Security Notice USN-1763-1 March 14, 2013 nss vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Ubuntu Update for gnutls26 USN-1752-1
Check for the Version of gnutls26 OpenVAS Vulnerability Test $Id: gbubuntuUSN17521.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for gnutls26 USN-1752-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Debian DSA-2621-1 : openssl - several vulnerabilities
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an...
Debian Security Advisory DSA 2621-1 (openssl - several vulnerabilities)
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an inval...
Debian: Security Advisory (DSA-2621-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1d advisory. - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP...
CVE-2013-0169
The CVE-2013-0169 vulnerability is a timing-side‑channel flaw in CBC padding handling (Lucky Thirteen) that affects TLS/DTLS implementations such as OpenSSL, OpenJDK, and PolarSSL. Root cause: incorrect/insufficient consideration of timing during the MAC/padding check when processing malformed CB...