Oracle Java SE Multiple Vulnerabilities -01 Feb 13 (Windows)

This host is installed with Oracle Java SE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboraclejavasemultvuln01feb13win.nasl 7699 2017-11-08 12:10:34Z santu $ Oracle Java SE Multiple Vulnerabilities -01 Feb 13 Windows Authors: Arun Kallavi Copyright: Copyright c 2013...

OpenJDK: JSSE denial of service (JSSE, 7186286)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect availability, related to JSSE...

OpenJDK: JSSE denial of service (JSSE, 7186286)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect availability, related to JSSE...

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

HP-UX Update for Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software HPSBUX00280

Check for the Version of Java VM J2SE or Java Secure Socket Extension JSSE Software OpenVAS Vulnerability Test HP-UX Update for Java VM J2SE or Java Secure Socket Extension JSSE Software HPSBUX00280 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

HP-UX Update for Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software HPSBUX00280

Check for the Version of Java VM J2SE or Java Secure Socket Extension JSSE Software OpenVAS Vulnerability Test HP-UX Update for Java VM J2SE or Java Secure Socket Extension JSSE Software HPSBUX00280 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

SSL-VPN products vulnerable to cookie theft

Overview When using an SSL-VPN product, if a user selects a mode in which the user can log in with the username and password without using the SSL client authentication, a session hijacking could be conducted. Impact An attacker may be able to intercept a session ID stored in a cookie and hijack ...

Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

The Java Secure Socket Extension JSSE in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.211 through 1.4.214, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service CPU consumption via certain SSL/TLS handshake...

Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

The Java Secure Socket Extension JSSE in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.211 through 1.4.214, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service CPU consumption via certain SSL/TLS handshake...

Debian Security Advisory DSA 881-1 (openssl096)

The remote host is missing an update to openssl096 announced via advisory DSA 881-1. OpenVAS Vulnerability Test $Id: deb8811.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 881-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 1379-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 1379-1. OpenVAS Vulnerability Test $Id: deb13791.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1379-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

The Java Secure Socket Extension JSSE in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.211 through 1.4.214, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service CPU consumption via certain SSL/TLS handshake...

Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

The Java Secure Socket Extension JSSE in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.211 through 1.4.214, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service CPU consumption via certain SSL/TLS handshake...

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an implementation of the Secure Socket Layer and Transport Layer Security protocols. Description Moritz Jodeit reported an off-by-one error in the SSLgetsharedciphers function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the...

CVE-2007-3698

The Java Secure Socket Extension JSSE in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.211 through 1.4.214, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service CPU consumption via certain SSL/TLS handshake...

Design/Logic Flaw

The Java Secure Socket Extension JSSE in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.211 through 1.4.214, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service CPU consumption via certain SSL/TLS handshake...

security flaw

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

Debian DSA-882-1 : openssl095 - cryptographic weakness

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer OpenSSL library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix...

CVE-2004-2393

Java Secure Socket Extension JSSE 1.0.3 through 1.0.32 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS...

HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update

s700800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078. - 1 A defect in the JavaTM Virtual Machine may allow illegal access to protected fields or methods of an...