Lucene search
K

237 matches found

Cvelist
Cvelist
added 2012/01/06 1:0 a.m.42 views

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

6.7AI score0.15757EPSS
Exploits0References25
CVE
CVE
added 2012/01/06 1:0 a.m.16141 views

CVE-2011-4108

The CVE-2011-4108 issue concerns the DTLS implementation in OpenSSL. Affected versions are OpenSSL before 0.9.8s and OpenSSL 1.x before 1.0.0f, where a MAC check is performed only if certain padding is valid, enabling a padding oracle that can aid plaintext recovery. This is explicitly described ...

4.3CVSS7.2AI score0.15757EPSS
Exploits0References25Affected Software1
Debian CVE
Debian CVE
added 2012/01/06 1:0 a.m.40 views

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

4.3CVSS8.3AI score0.15757EPSS
Exploits0
NVD
NVD
added 2010/10/20 6:0 p.m.26 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5CVSS6.5AI score0.01014EPSS
Exploits0References2
NVD
NVD
added 2010/10/20 6:0 p.m.41 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5CVSS6.6AI score0.03099EPSS
Exploits0References3
Prion
Prion
added 2010/10/20 6:0 p.m.35 views

Sql injection

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5CVSS7.1AI score0.03099EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2010/10/20 6:0 p.m.18 views

Authentication flaw

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

5CVSS7AI score0.03099EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2010/10/20 5:0 p.m.27 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

6.5AI score0.01014EPSS
Exploits0References2
CVE
CVE
added 2010/10/20 5:0 p.m.85 views

CVE-2010-2057

CVE-2010-2057 affects Apache MyFaces: shared/util/StateUtils.java uses an encrypted View State without a Message Authentication Code (MAC) in MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1. The underlying issue is lack of MAC protection on the serialized View State, enabli...

5CVSS6.8AI score0.03099EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2010/10/20 5:0 p.m.39 views

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...

6.6AI score0.03099EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2010/10/20 5:0 p.m.27 views

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

5CVSS6.4AI score0.01014EPSS
Exploits0
ThreatPost
ThreatPost
added 2010/09/28 6:12 p.m.93 views

Microsoft Pushes Emergency Patch For ASP.NET Flaw

Microsoft has released the emergency out-of-band patch for the ASP.NET padding oracle attack, less than two weeks after a pair of researchers discussed the flaw and a reliable attack against it at a security conference in Argentina. The patch for the ASP.NET bug is only available through...

9.3CVSS0.99945EPSS
Exploits33References6
Prion
Prion
added 2010/09/22 7:0 p.m.28 views

Buffer overflow

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka VIEWSTATE for...

6.4CVSS6.7AI score0.67481EPSS
Exploits2References20Affected Software1
ThreatPost
ThreatPost
added 2010/09/17 5:48 p.m.202 views

Demo of ASP.NET Padding Oracle Attack

In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET. You can read the full story of their attack in this article, “Padding Orac...

9.3CVSS4.6AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2010/06/08 1:10 p.m.9 views

Tool Expoits Data Flaws in JavaServer Faces

Researchers have released software that exposes private information and executes arbitrary code on sensitive websites by exploiting weaknesses in the widely used web development technology JavaServer Faces. Read the full article. The Register...

4.6AI score
Exploits0References1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

0.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder