
48 matches found

CNVD
added 2019/11/19 12:0 a.m. · 2 views

Apache Shiro Input Validation Error Vulnerability

Apache Shiro is a Java security framework from the Apache Software Foundation (United States) that implements authentication, authorization, encryption and session management. An input validation error vulnerability in Apache Shiro versions prior to 1.4.2 can be exploited by an...

7.5 CVSS · 7.8 AI score · 0.54895 EPSS
Exploits 0 · References 1

NVD
added 2019/11/18 11:15 p.m. · 14 views

CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.5 CVSS · 7.4 AI score · 0.54895 EPSS
Exploits 0 · References 2

OSV
added 2019/11/18 11:15 p.m. · 15 views

CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.5 CVSS · 6.6 AI score
Exploits 0 · References 2

UbuntuCve
added 2019/11/18 11:15 p.m. · 17 views

CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.5 CVSS · 7.1 AI score · 0.54895 EPSS
Exploits 0 · References 3

OSV
added 2019/11/18 11:15 p.m. · 0 views

UBUNTU-CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.5 CVSS · 7.1 AI score · 0.54895 EPSS
Exploits 0 · References 4

Prion
added 2019/11/18 11:15 p.m. · 14 views

Default configuration

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

5 CVSS · 7.4 AI score · 0.54895 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/11/18 10:4 p.m. · 17 views

CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.4 AI score · 0.54895 EPSS
Exploits 0 · References 2

CVE
added 2019/11/18 10:4 p.m. · 195 views

CVE-2019-12422

Apache Shiro before 1.4.2 is vulnerable when using the default remember-me configuration, due to a padding attack on cookies. The issue is described across multiple connected entries (e.g., Nessus/Apache Shiro padding attack reports) and affects the remember-me cookie handling, enabling potential...

7.5 CVSS · 7.3 AI score · 0.54895 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2019/11/18 10:4 p.m. · 22 views

CVE-2019-12422

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.5 CVSS · 7.5 AI score · 0.54895 EPSS
Exploits 0

Positive Technologies
added 2019/11/18 12:0 a.m. · 2 views

PT-2019-4283 · Apache +1 · Apache Shiro +1

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.4.2
Description: The issue is related to the use of the default "remember me" configuration in Apache Shiro, which can make cookies susceptible to a padding attack. This could allow a remote attacker to impact...

7.5 CVSS · 7.5 AI score · 0.54895 EPSS
Exploits 0 · References 18

OSV
added 2018/06/04 9:29 p.m. · 2 views

DEBIAN-CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9 CVSS · 6.6 AI score · 0.00802 EPSS
Exploits 0 · References 1

CNVD
added 2016/01/15 12:0 a.m. · 9 views

RSA package for Python spoofing vulnerability

RSA package for Python is a Python RSA implementation that supports encryption and decryption, signing and verifying signatures, key generation and more. The 'verify' function of Python-RSA has a security vulnerability that allows a remote attacker to forge signatures using special signature...

5.3 CVSS · 9.5 AI score · 0.03132 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2014/11/26 12:0 a.m. · 44 views

OracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)

The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SSL3 - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet...

7.4 CVSS · 7.6 AI score · 0.93538 EPSS
Exploits 14 · References 8

Tenable Nessus
added 2014/10/17 12:0 a.m. · 267 views

Oracle Linux 6 / 7 : openssl (ELSA-2014-1652)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1652 advisory. - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV t...

7.5 CVSS · 8 AI score · 0.94464 EPSS
Exploits 103 · References 3

Oracle linux
added 2014/10/16 12:0 a.m. · 200 views

openssl security update

1.0.1e-30.2 - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SSL3 1.0.1e-30 - add ECC TLS extensions to DTLS 1119800 1.0.1e-29 - fix CVE-2014-3505...

7.1 CVSS · 0.5 AI score · 0.94464 EPSS
Exploits 103

RedHat Linux
added 2014/04/03 9:19 p.m. · 3 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

4 CVSS · 7.3 AI score · 0.00387 EPSS
Exploits 0 · References 6

RedHat Linux
added 2013/10/23 4:26 p.m. · 3 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6 CVSS · 6.8 AI score · 0.00943 EPSS
Exploits 0 · References 7

RedHat Linux
added 2013/07/03 4:18 p.m. · 1 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6 CVSS · 6.8 AI score · 0.00943 EPSS
Exploits 0 · References 7

RedHat Linux
added 2013/05/22 6:33 p.m. · 11 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6 CVSS · 6.8 AI score · 0.00943 EPSS
Exploits 0 · References 7

RedHat Linux
added 2013/05/01 5:59 p.m. · 5 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6 CVSS · 6.8 AI score · 0.00943 EPSS
Exploits 0 · References 7