109 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-6430

Malware in sbrugna...

4.3 CVSS | 9.3 AI score | 0.00435 EPSS
Exploits 0 | References 14
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-18930

Malware in sbrugna...

4.3 CVSS | 4.7 AI score | 0.00189 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2024/04/21 12:0 a.m. | 55 views

RHEL 5 : httpd and httpd22 (RHSA-2010:0011)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0011 advisory. - httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply (CVE-2009-3094) - httpd: mod_proxy_ftp FTP command injection vi...

9.8 CVSS | 7.4 AI score | 0.03845 EPSS
Exploits 16 | References 10
OSV
added 2021/08/13 4:15 p.m. | 1 views

CVE-2021-32068

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify applicatio...

3.7 CVSS | 5.8 AI score
Exploits 0 | References 2
Veracode
added 2020/04/10 12:36 a.m. | 43 views

Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because of a flaw in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's...

5.8 CVSS | 1 AI score | 0.03741 EPSS
Exploits 14 | References 331 | Affected Software 13
RedHat Linux
added 2017/06/28 7:59 p.m. | 2 views

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

7.8 CVSS | 7.2 AI score | 0.28075 EPSS
Exploits 2 | References 5
RedHat Linux
added 2017/06/07 5:54 p.m. | 1 views

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

7.8 CVSS | 7.2 AI score | 0.28075 EPSS
Exploits 2 | References 5
RedHat Linux
added 2017/06/07 5:43 p.m. | 1 views

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

7.8 CVSS | 7.2 AI score | 0.28075 EPSS
Exploits 2 | References 5
RedHat Linux
added 2015/08/12 4:49 a.m. | 2 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...

9.8 CVSS | 6.9 AI score | 0.03741 EPSS
Exploits 14 | References 4
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Multiple Vendor - TLS Protocol Session Renegotiation Security Vulnerability

No description provided by source. include errno.h include stdio.h include string.h include unistd.h include sys/time.h include sys/socket.h include netinet/in.h include arpa/inet.h include netdb.h include openssl/ssl.h include openssl/ssl3.h void failconst char proc perrorproc; exit1; void...

7.1 AI score
Exploits 0
Tenable Nessus
added 2014/04/16 12:0 a.m. | 57 views

AIX OpenSSL Advisory : ssl_advisory.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where th...

9.8 CVSS | 7.8 AI score | 0.03741 EPSS
Exploits 14 | References 3
securityvulns
added 2013/11/26 12:0 a.m. | 83 views

ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities

ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities. EMC Identifier: ESA-2013-077. CVE Identifier: CVE-2013-3288, CVE-2009-3555. Severity Rating: See below for individual scores and refer to vendor advisories for...

5.8 CVSS | 0.8 AI score | 0.03741 EPSS
Exploits 14
securityvulns
added 2013/11/26 12:0 a.m. | 51 views

EMC RSA Data Protection Manager Appliance security vulnerabilities

TLS session renegotiation vulnerability, cross-site scripting...

5.8 CVSS | 3.6 AI score | 0.03741 EPSS
Exploits 14 | References 1 | Affected Software 1
Tenable Nessus
added 2012/08/01 12:0 a.m. | 37 views

Scientific Linux Security Update : openssl on SL3.x, SL4.x i386/x86_64

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the...

9.8 CVSS | 7.6 AI score | 0.10016 EPSS
Exploits 14 | References 5
Tenable Nessus
added 2012/08/01 12:0 a.m. | 65 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the...

9.8 CVSS | 8.6 AI score | 0.92143 EPSS
Exploits 33 | References 20
Tenable Nessus
added 2012/08/01 12:0 a.m. | 226 views

Scientific Linux Security Update : nss on SL4.x, SL5.x i386/x86_64

CVE-2009-3555 TLS: MITM attacks via session renegotiation. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for exampl...

9.8 CVSS | 7.6 AI score | 0.03741 EPSS
Exploits 14 | References 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 61 views

Scientific Linux Security Update : openssl097a on SL5.x i386/x86_64

CVE-2009-3555 TLS: MITM attacks via session renegotiation. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for exampl...

9.8 CVSS | 7.6 AI score | 0.03741 EPSS
Exploits 14 | References 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 73 views

Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

This update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,...

10 CVSS | 7.7 AI score | 0.88762 EPSS
Exploits 29 | References 30
Tenable Nessus
added 2012/08/01 12:0 a.m. | 37 views

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate; CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply; CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header; CVE-2009-3555 TLS: MITM attacks via session...

9.8 CVSS | 7.2 AI score | 0.20968 EPSS
Exploits 18 | References 6
Tenable Nessus
added 2012/06/21 12:0 a.m. | 52 views

GLSA-201203-22 : nginx: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201203-22 (nginx: Multiple vulnerabilities). Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The 'ngx_http_process_request_headers' function in...

9.8 CVSS | 8.3 AI score | 0.04101 EPSS
Exploits 19 | References 6