2929 matches found
Shiro-721
This is a vulnerability analysis of a Shiro RCE (Remote Code Execution) exploit via a Padding Oracle Attack. Here's a summary of the key points: Vulnerability Overview The Shiro framework is a popular open-source security framework that provides identity, authentication, authorization, encryption, an...
CVE-2015-8313
GnuTLS incorrectly validates the first byte of padding in CBC modes...
CVE-2015-8313
CVE-2015-8313 affects GnuTLS: the first padding byte in CBC mode is not correctly validated, enabling a MITM POODLE-style attack to potentially reveal plaintext. Connected sources show this vulnerability cited in multiple advisories (Debian DLA-364-1, SUSE/SUSE-SU-2016:0077-1, IBM FSM bulletin, N...
Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563)
Summary There are vulnerabilities in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using...
Security Bulletin: Multiple vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2019-1547, CVE-2019-1549, CVE-2019-1552, and CVE-2019-1563)
Summary OpenSSL has a security vulnerability that allows a remote attacker to exploit the application. The respective security vulnerability details are discussed in the subsequent section. Vulnerability Details This section includes the vulnerability details that affect Rational Build Forge. CVEI...
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-2464)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...
EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)
According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...
CVE-2019-12422
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSL_shutdown twice (once to send a close_notify, and once to receive one), then OpenSSL can respond differently to the calling application if a 0-byte record is received with invalid padding compared to if a 0-byte record is received...
Padding Oracle Attack
Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...
Apache Shiro Input Validation Error Vulnerability
Apache Shiro is a Java security framework from the Apache Software Foundation (United States) that implements authentication, authorization, encryption and session management. An input validation error vulnerability in Apache Shiro versions prior to 1.4.2 can be exploited by an...
DEBIAN-CVE-2019-12422
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...
Default configuration
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...
UBUNTU-CVE-2019-12422
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...