15 matches found
OpenSSL 0.9.7 < 0.9.7h Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option,...
F5 Networks BIG-IP : Potential protocol version rollback vulnerability in OpenSSL (SOL5533)
The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL5533. The text description of this plugin is C F5 Networks...
openssl mitm downgrade attack
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...
Debian: Security Advisory (DSA-875-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-882-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-882-1 : openssl095 - cryptographic weakness
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer OpenSSL library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix...
Debian DSA-881-1 : openssl096 - cryptographic weakness
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer OpenSSL library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix...
FreeBSD : openssl -- potential SSL 2.0 rollback (60e26a40-3b25-11da-9484-00123ffe8333)
Vulnerability : Such applications are affected if they use the option SSLOPMSIESSLV2RSAPADDING. This option is implied by use of SSLOPALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSLOPMSIESSLV2RSAPADDING option disables a...
[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness
-------------------------------------------------------------------------- Debian Security Advisory DSA 888-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness
-------------------------------------------------------------------------- Debian Security Advisory DSA 882-1 [email protected] http://www.debian.org/security/ Martin Schulze November 4th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness
-------------------------------------------------------------------------- Debian Security Advisory DSA 882-1 [email protected] http://www.debian.org/security/ Martin Schulze November 4th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 881-1] New OpenSSL 0.9.6 packages fix cryptographic weakness
-------------------------------------------------------------------------- Debian Security Advisory DSA 881-1 [email protected] http://www.debian.org/security/ Martin Schulze November 4th, 2005 http://www.debian.org/security/faq -...
DSA-881-1 openssl096 - cryptographic weakness
Bulletin has no description...
CVE-2005-2969
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...
CVE-2005-2969
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...