Lucene search
K

188 matches found

RedHat Linux
RedHat Linux
added 2 days ago4 views

httpd: mod_md: unrestricted OCSP response leads to resource exhaustion

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

7.3CVSS7AI score0.00628EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.6 views

httpd: mod_md: unrestricted OCSP response leads to resource exhaustion

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.10 views

gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.4AI score0.0072EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.6 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.4AI score0.00498EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.6 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 12:0 a.m.4 views

ALSA-2026:26323 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.7 views

SUSE CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00584EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference during OCSP response checking. When a verification chain lacks a self-signed trusted anchor, the issuer of the last certificate is NULL, but the OCSP code accesses the next certificate as the issuer, dereferenci...

7.5CVSS5.3AI score0.00419EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35480

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

6AI score0.00245EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/09 4:3 p.m.7 views

CVE-2026-35188

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

5CVSS6.1AI score0.00245EPSS
Exploits0
OSV
OSV
added 2026/06/09 12:0 a.m.6 views

UBUNTU-CVE-2026-42765

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS5.4AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 12:0 a.m.6 views

UBUNTU-CVE-2026-35188

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

5CVSS6.1AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:22 p.m.84 views

CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

0.00584EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.17 views

CVE-2026-42791

A flaw was found in Erlang OTP's publickey application, specifically in the Online Certificate Status Protocol OCSP response verification. A remote attacker who has obtained the private key of an expired Certificate Authority CA-designated OCSP responder certificate can forge OCSP responses. This...

6.3CVSS5.9AI score0.00316EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.7 views

CVE-2026-7009

A flaw was found in curl. When curl is configured to use the Certificate Status Request TLS Transport Layer Security extension, also known as OCSP Online Certificate Status Protocol stapling, it fails to properly detect issues with the OCSP response. This can lead curl to incorrectly validate a...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References7
OSV
OSV
added 2026/05/29 4:3 p.m.10 views

RLSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.4CVSS6.6AI score0.00498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.12 views

FreeBSD : Erlang/OTP -- OCSP responder certificate accepted after expiry in public_key (9357d6fb-5a54-11f1-b886-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357d6fb-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff reports: Erlang/OTP's publickey...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:16 p.m.11 views

CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS0.00316EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/27 12:23 p.m.8 views

CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 7:4 a.m.15 views

gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.8AI score0.0072EPSS
Exploits1References5
Rows per page
Query Builder