Lucene search
K

188 matches found

Broadcom
Broadcom
added 2017/06/23 12:0 a.m.7 views

BSA-2017-342

Security Advisory ID : BSA-2017-342 Component : Freeradius Revision : 2.0: Interim The TLS session cache inFreeRADIUS2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remo...

9.8CVSS7.3AI score0.03914EPSS
Exploits0
Ubuntu
Ubuntu
added 2017/06/07 4:44 p.m.61 views

USN-3316-1: FreeRADIUS vulnerability

Stefan Winter and Luboš Pavlíček discovered that FreeRADIUS incorrectly handled the TLS session cache. A remote attacker could possibly use this issue to bypass authentication by resuming an unauthenticated session...

9.8CVSS8.1AI score0.03914EPSS
Exploits0
Debian
Debian
added 2017/06/05 4:33 p.m.22 views

[SECURITY] [DLA 977-1] freeradius security update

Package : freeradius Version : 2.1.12+dfsg-1.2+deb7u1 CVE ID : CVE-2014-2015 CVE-2015-4680 CVE-2017-9148 Debian Bug : 742820 789623 863673 Several issues were discovered in FreeRADIUS, a high-performance and highly configurable RADIUS server. CVE-2014-2015 A stack-based buffer overflow was found ...

9.8CVSS9.8AI score0.03914EPSS
Exploits1
Prion
Prion
added 2017/05/29 5:29 p.m.12 views

Authentication flaw

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

7.5CVSS9.5AI score0.03914EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2017/05/29 5:29 p.m.20 views

CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

9.8CVSS9.8AI score0.03914EPSS
Exploits0References6
OSV
OSV
added 2017/05/29 5:29 p.m.2 views

DEBIAN-CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

9.8CVSS8.2AI score0.03914EPSS
Exploits0References1
OSV
OSV
added 2017/05/29 5:29 p.m.29 views

CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

9.8CVSS7.2AI score
Exploits0References6
Debian CVE
Debian CVE
added 2017/05/29 5:0 p.m.24 views

CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

9.8CVSS9.8AI score0.03914EPSS
Exploits0
CVE
CVE
added 2017/05/29 5:0 p.m.92 views

CVE-2017-9148

The vulnerability CVE-2017-9148 affects FreeRADIUS: TLS session cache allows resumption of an unauthenticated TLS session, bypassing inner authentication for PEAP/TTLS. Affected versions include FreeRADIUS 2.1.1–2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04. Imp...

9.8CVSS9.5AI score0.03914EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2017/05/29 12:0 a.m.26 views

CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

9.8CVSS7.1AI score0.03914EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2017/02/03 12:0 a.m.49 views

FreeRADIUS -- TLS resumption authentication bypass

Stefan Winter reports: The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PEAP or TTLS...

9.8CVSS5.6AI score0.03914EPSS
Exploits0References3
NVD
NVD
added 2014/12/08 11:59 a.m.19 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.5AI score0.05654EPSS
Exploits0References2
OSV
OSV
added 2014/12/08 11:59 a.m.5 views

DEBIAN-CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7AI score0.05654EPSS
Exploits0References1
Prion
Prion
added 2014/12/08 11:59 a.m.23 views

Type confusion

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7.1AI score0.05654EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2014/12/08 11:0 a.m.24 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.3AI score0.05654EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/12/08 11:0 a.m.43 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.4AI score0.05654EPSS
Exploits0
OSV
OSV
added 2014/09/17 12:0 a.m.7 views

UBUNTU-CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS5.8AI score0.05654EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.15 views

openSUSE Security Update : gdm (openSUSE-SU-2011:0275-1)

Local users could trick gdm into changing ownership of arbitrary files by placing symlinks in the user session cache CVE-2011-0727. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update gdm-4250. Th...

6.9CVSS5.5AI score0.00376EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/04/16 12:0 a.m.39 views

AIX OpenSSL Advisory : openssl_advisory2.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and possibly obtain sensitive information in applications that use...

7.6CVSS8.2AI score0.22145EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2013/03/12 5:57 p.m.5 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5CVSS7.4AI score0.08768EPSS
Exploits0References4
Rows per page
Query Builder