299 matches found
Padding Oracle Attack
Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...
EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2254)
According to the versions of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...
U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████
Description We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████ Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879 This vulnerability is rated critical, and may allow unauthenticated attacker with network access via HTTP to compromise Oracle...
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)
Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...
Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics
Summary Open Source OpenSSL is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA...
Design/Logic Flaw
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...
CVE-2019-3730
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 in 4.1.x and prior to 4.4 in 4.2.x and 4.3.x, are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this...
CVE-2019-3730
Dell RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are affected by an Information Exposure Through an Error Message vulnerability (padding oracle). A remote attacker could potentially exploit this to extract sensitive information, per CVE...
[SECURITY] [DLA 1932-1] openssl security update
Package : openssl Version : 1.0.1t-1+deb8u12 CVE ID : CVE-2019-1547 CVE-2019-1563 Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
CVE-2019-1563
CVE-2019-1563 describes a Bleichenbacher padding oracle vulnerability in OpenSSL. The issue allows an attacker, after sending a large number of ciphertexts for decryption, to recover the CMS/PKCS7 encryption key or decrypt RSA-encrypted data when the attacker can observe decryption success/failur...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
OpenSSL 1.1.0 < 1.1.0l Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0l advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, aft...
OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, aft...
Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1559)
Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain...
Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability
Summary IBM Security Guardium is aware of the following vulnerability Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-leng...
There is a vulnerability in OpenSSL used by AIX.
IBM SECURITY ADVISORY First Issued: Tue Apr 16 10:48:55 CDT 2019 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory30.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory30.asc...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation
Summary OpenSSL vulnerabilities were disclosed on 30 October 2018 and later by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs. Vulnerability Details CVE-ID:...