11 matches found
EUVD-2013-4479
Malware in sbrugna...
Securing Spring Boot Applications With SSL
Secure Sockets Layer SSL and Transport Layer Security TLS are key components of securing communications between systems in a layered or service-oriented architecture. Spring Boot applications in such an architecture often accept incoming network connections or create outgoing connections, and...
PyJWT vulnerable to key confusion attacks
In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2013-5018
The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...
CVE-2013-5018
The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...
Nmap NSE net: ssl-cert
Retrieves a server's SSL certificate. The amount of information printed about the certificate depends on the verbosity level. With no extra verbosity, the script prints the validity period and the commonName, organizationName, stateOrProvinceName, and countryName of the subject. '443/tcp open htt...
ssl-cert NSE Script
Retrieves a server's SSL certificate. The amount of information printed about the certificate depends on the verbosity level. With no extra verbosity, the script prints the validity period and the commonName, organizationName, stateOrProvinceName, and countryName of the subject. 443/tcp open http...