Lucene search
+L

15 matches found

nessus
nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-55962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and...

6.5CVSS6.1AI score0.00143EPSS
Exploits0References3
euvd
euvd
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39575

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS5.8AI score0.00143EPSS
Exploits0References3
osv
osv
added 2026/06/25 10:17 p.m.5 views

DEBIAN-CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References1
nvd
nvd
added 2026/06/25 10:17 p.m.8 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS0.00143EPSS
Exploits0References2
osv
osv
added 2026/06/25 10:17 p.m.4 views

UBUNTU-CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References5
debiancve
debiancve
added 2026/06/25 9:12 p.m.6 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0
cve
cve
added 2026/06/25 9:12 p.m.24 views

CVE-2026-55962

CVE-2026-55962 (WolfSSL) : TLS 1.3 post-handshake authentication could allow a server to accept a client’s Finished message without a Certificate and CertificateVerify if a post-handshake CertificateRequest was outstanding. The fix scopes the check to the initial handshake: after certReqCtx is se...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
alpinelinux
alpinelinux
added 2026/06/25 9:12 p.m.7 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 9:12 p.m.29 views

CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS0.00143EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.6 views

PT-2026-52599

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A TLS 1.3 post-handshake authentication PHA issue exists where a server may accept a client's Finished message even if the client has not provided a Certificate and CertificateVerify. This...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References7
oraclelinux
oraclelinux
added 2019/11/14 12:0 a.m.84 views

python3 security and bug fix update

3.6.8-15.1.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-15.1 - Patch 329 FIPS modified: Added workaround for modssl: Skip error checking in Pyhashlibfipserror Resolves: rhbz1760106 3.6.8-15 - Patch 329 that adds support for OpenSSL FIPS mode has been improved and...

9.8CVSS8.5AI score0.21443EPSS
Exploits4
redhat
redhat
added 2019/07/30 7:50 p.m.174 views

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS6.7AI score0.02794EPSS
Exploits1References17
redhat
redhat
added 2019/05/07 4:19 a.m.8 views

httpd: mod_ssl: access control bypass when using per-location client certification authentication

A flaw was found in Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38. A bug in modssl, when using per-location client certificate verification with TLSv1.3, allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. An attacker could perform vario...

7.5CVSS7.1AI score0.10508EPSS
Exploits0References6
openvas
openvas
added 2019/04/08 12:0 a.m.164 views

Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Linux

In Apache HTTP Server a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpte...

7.5CVSS7.6AI score0.10508EPSS
Exploits0References1
httpd
httpd
added 2019/01/23 12:0 a.m.100 views

Apache Httpd < 2.4.39 : mod_ssl access control bypass

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions...

7.5CVSS1.7AI score0.10508EPSS
Exploits0Affected Software1
Rows per page
Query Builder