Lucene search
K

31 matches found

Prion
Prion
added 2017/07/27 9:29 p.m.43 views

Code injection

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

5CVSS6.7AI score0.49024EPSS
Exploits4References27Affected Software1
Debian CVE
Debian CVE
added 2017/07/27 9:0 p.m.76 views

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.6AI score0.49024EPSS
Exploits4
Hacker One
Hacker One
added 2017/03/28 5:31 p.m.24 views

Phabricator: Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.

Dear Phabricator bug bounty team, Summary --- Phabricator encrypts data with AES in CBC mode, but does not ensure integrity of the encrypted data. You must authenticate the data, by either using an HMAC or by using an authenticated block cipher mode like GCM. Why does this vulnerability exist? --...

0.6AI score
Exploits0
OSV
OSV
added 2017/03/22 2:54 p.m.22 views

SUSE-SU-2017:0797-1 Security update for apache2

This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect modsessioncrypto data with a MAC to prevent padding oracle attacks bsc1016712. - CVE-2016-2161: Malicious input to modauthdigest could have caused the server to crash, resulting in DoS...

7.5CVSS7.6AI score0.49024EPSS
Exploits4References8
OSV
OSV
added 2017/03/22 2:52 p.m.23 views

SUSE-SU-2017:0801-1 Security update for apache2

This update for apache2 provides the following fixes: Security issues fixed: - CVE-2016-0736: Protect modsessioncrypto data with a MAC to prevent padding oracle attacks bsc1016712. - CVE-2016-2161: Malicious input to modauthdigest could have caused the server to crash, resulting in DoS bsc1016714...

7.5CVSS7.5AI score0.49024EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2017/02/27 12:0 a.m.76 views

Debian DSA-3796-1 : apache2 - security update

Several vulnerabilities were discovered in the Apache2 HTTP server. - CVE-2016-0736 RedTeam Pentesting GmbH discovered that modsessioncrypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie. - CVE-2016-2161 Maksim Malyutin discovered that malicio...

7.5CVSS6.5AI score0.49024EPSS
Exploits4References8
Hacker One
Hacker One
added 2017/01/10 1:38 p.m.254 views

FormAssembly: formassembly.com is vulnerable to padding-oracle attacks.

Dear Formassembly bug bounty team, Summary --- formassembly.com is vulnerable to CVE-2016-2107, allowing remote attackers to obtain sensitive information via padding-oracle attacks. $ git clone https://github.com/FiloSottile/CVE-2016-2107.git $ go run main.go www.formassembly.com ... Vulnerable:...

2.6CVSS6.9AI score0.89058EPSS
Exploits6
OSV
OSV
added 2016/12/22 12:0 a.m.3 views

UBUNTU-CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.1AI score0.49024EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2016/08/30 12:0 a.m.14 views

phpMyAdmin 4.0.10.x < 4.0.10.17 / 4.4.15.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities

Binary data 9538.prm...

10CVSS7.3AI score0.0475EPSS
Exploits0References56
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.88 views

OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...

2.6CVSS9AI score0.02426EPSS
Exploits1
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.124 views

[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM...

4.3CVSS5.7AI score0.00748EPSS
Exploits0
Rows per page
Query Builder