Lucene search
+L

299 matches found

Palo Alto Networks
Palo Alto Networks
added 2015/01/12 8:0 a.m.187 views

Padding-oracle attack on TLS CBC cipher mode

A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-8730. This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability,...

4.6AI score0.1372EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2015/01/05 9:32 p.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3 openssl security update

An update for the OpenSSL component for Red Hat JBoss Enterprise Application Platform 6.3 that provides a patch to mitigate the CVE-2014-3566 issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Red Hat JBoss...

4.3CVSS6.5AI score0.99999EPSS
Exploits7References4
NVD
NVD
added 2014/12/10 12:59 a.m.21 views

CVE-2014-8730

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 throu...

4.3CVSS4.4AI score0.1372EPSS
Exploits0References14
Cvelist
Cvelist
added 2014/12/10 12:0 a.m.31 views

CVE-2014-8730

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 throu...

4.7AI score0.1372EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.29 views

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20141016) (POODLE)

This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...

4.3CVSS6.3AI score0.99999EPSS
Exploits7References2
RedHat Linux
RedHat Linux
added 2014/10/16 2:59 p.m.88 views

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

7.1CVSS6.6AI score0.99999EPSS
Exploits7References5
OSV
OSV
added 2014/10/15 12:55 a.m.9 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

3.4CVSS4AI score0.99999EPSS
Exploits7References252
Cvelist
Cvelist
added 2014/10/15 12:0 a.m.68 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

4.6AI score0.99999EPSS
Exploits7References243
UbuntuCve
UbuntuCve
added 2014/10/14 12:0 a.m.55 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

4.3CVSS6.7AI score0.99999EPSS
Exploits7References9
Tenable Nessus
Tenable Nessus
added 2014/04/16 12:0 a.m.54 views

AIX OpenSSL Advisory : openssl_advisory3.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a...

9.3CVSS7.9AI score0.17687EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.23 views

Amazon Linux AMI : openvpn (ALAS-2013-201)

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...

2.6CVSS5.3AI score0.02813EPSS
Exploits1References2
Prion
Prion
added 2013/06/21 7:55 p.m.18 views

Design/Logic Flaw

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...

4.3CVSS6.5AI score0.00748EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2013/06/21 7:0 p.m.35 views

CVE-2013-0523

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...

6.1AI score0.00748EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/05/28 12:0 a.m.34 views

Mandriva Linux Security Advisory : openvpn (MDVSA-2013:167)

Updated openvpn package fixes security vulnerability : OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementati...

2.6CVSS5.5AI score0.02813EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2013/02/11 4:57 p.m.27 views

Theoretical Lucky Thirteen TLS Attacks Could Turn Practical

For now, the Lucky Thirteen attacks described in a paper last week by researchers at Royal Holloway, University of London, are largely theoretical. But the potential exists to adapt techniques used in the BEAST attacks against TLS/SSL to improve the feasibility of Lucky Thirteen, a researcher sai...

7.1AI score
Exploits0References4
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.33 views

Mandriva Update for openssl MDVSA-2012:007 (openssl)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

9.3CVSS7.9AI score0.17687EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.42 views

Mandriva Update for openssl MDVSA-2012:007 (openssl)

Check for the Version of openssl OpenVAS Vulnerability Test Mandriva Update for openssl MDVSA-2012:007 openssl Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

9.3CVSS0.1AI score0.17687EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2012/06/27 2:12 p.m.20 views

Experts Say Attack on Crypto Tokens is Serious, But Not Catastrophic

A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say tha...

6.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/01/17 12:0 a.m.38 views

Mandriva Linux Security Advisory : openssl (MDVSA-2012:006)

Multiple vulnerabilities has been found and corrected in openssl : The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack CVE-2011-410...

9.3CVSS7.9AI score0.17687EPSS
Exploits0References5
Prion
Prion
added 2012/01/06 1:55 a.m.31 views

Design/Logic Flaw

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

4.3CVSS6.9AI score0.15757EPSS
Exploits0References25Affected Software1
Rows per page
Query Builder