AZL-32101 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

Shell In A Box HTTPS fallback DNS binding vulnerability

Shell In A Box is a soft SSH terminal product for accessing remote Linux servers. A security vulnerability in the HTTPS fallback implementation of Shell In A Box allows remote attackers to perform DNS rebinding attacks using the '/plain' URL...

Microsoft Plans to Disable SSLv3 in IE, All Online Services

Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...