EUVD-2019-5951

Malware in sbrugna...

Updated jss packages fix security vulnerability

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...

MGASA-2020-0018 Updated jss packages fix security vulnerability

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be...

NewStart CGSL CORE 5.05 / MAIN 5.05 : jss Vulnerability (NS-SA-2019-0240)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root...

NewStart CGSL CORE 5.04 / MAIN 5.04 : jss Vulnerability (NS-SA-2019-0219)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root...

CentOS 7 : jss (CESA-2019:3067)

An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Scientific Linux Security Update : jss on SL7.x x86_64 (20191016)

Security Fixes : - JSS: OCSP policy 'Leaf and Chain' implicitly trusts the root certificate CVE-2019-14823 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. C...

RHEL 7 : jss (RHSA-2019:3067)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3067 advisory. Java Security Services JSS provides an interface between Java Virtual Machine and Network Security Services NSS. It supports most of the security...

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...

DEBIAN-CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...

Design/Logic Flaw

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...

CVE-2019-14823

The CVE-2019-14823 issue affects JSS: Leaf and Chain OCSP policy in CryptoManager (versions after 4.4.6, 4.5.3, 4.6.0) implicitly trusts the root certificate, potentially breaking chain verification and enabling MITM. Several connected advisories (Mageia MGASA-2020-0018, Red Hat RHSA-2019:3225, F...

CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle...