299 matches found
Debian DLA-400-1 : pound security update (BEAST) (POODLE)
This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and...
Debian DLA-364-1 : gnutls26 security update
Hanno Bck discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validated the first padding byte in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. For Debian 6 'Squeeze', this issue has been fixed in gnutls...
Debian Security Advisory DSA 3408-1 (gnutls26 - security update)
It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. OpenVAS Vulnerability Test $Id: deb3408.nasl 6609 2017-07-0...
Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-2821-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2821-1 advisory. It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding...
Ubuntu: Security Advisory (USN-2821-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2821-1: GnuTLS vulnerability
It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack...
Debian: Security Advisory (DSA-3408-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...
Code injection
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attac...
Amazon Linux: Security Advisory (ALAS-2015-471)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security feature bypass
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566...
PT-2016-3603 · Erlang +1 · Erlang/Otp +1
Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions prior to 18.0-rc1 Description: The issue makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of the POODLE attack. This occurs because Erlang/OTP does not properl...
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...
CentOS Update for java CESA-2015:0085 centos7
Check the version of java SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882104";...
jdk7-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6585 out-of-bounds read Allows remote attackers to affect confidentiality via font parsing...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-471) (POODLE)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. CVE-2014-6601 Multiple improper permission check issues were discovered in the JAX-WS, and...
CentOS Update for java CESA-2015:0069 centos6
Check the version of java SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882097";...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150121) (POODLE)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. CVE-2014-6601 Multiple improper permission check issues were discovered in the JAX-WS, and...
Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)
The remote Solaris system is missing necessary patches to address security updates : - Memory leak in d1srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted handshake message. CVE-2014-3513 - The SSL...