8 matches found
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
openssl: CRL verification vulnerability
crypto/x509/x509vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past...
DEBIAN-CVE-2011-3207
crypto/x509/x509vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past...
security flaw
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious...