96 matches found
EUVD-2021-18930
Malware in sbrugna...
EUVD-2013-6430
Malware in sbrugna...
RHEL 5 : httpd and httpd22 (RHSA-2010:0011)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0011 advisory. - httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply (CVE-2009-3094) - httpd: mod_proxy_ftp FTP command injection vi...
CVE-2021-32068
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify applicatio...
Man-in-the-Middle (MitM)
httpd is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because of a flaw in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's...
openssl: OCSP Status Request extension unbounded memory growth
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...
Multiple Vendor - TLS Protocol Session Renegotiation Security Vulnerability
No description provided by source.
Scientific Linux Security Update : openssl097a on SL5.x i386/x86_64
CVE-2009-3555 TLS: MITM attacks via session renegotiation. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for exampl...
Scientific Linux Security Update : openssl on SL3.x, SL4.x i386/x86_64
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the...
Scientific Linux Security Update : nss on SL4.x, SL5.x i386/x86_64
CVE-2009-3555 TLS: MITM attacks via session renegotiation. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for exampl...
Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate; CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply; CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header; CVE-2009-3555 TLS: MITM attacks via session...
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
This update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,...
GLSA-201203-22 : nginx: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201203-22 (nginx: Multiple vulnerabilities). Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The 'ngx_http_process_request_headers' function in...
CentOS Update for openssl097a CESA-2010:0164 centos5 i386
The remote host is missing an update for the...
CentOS Update for httpd CESA-2009:1579 centos3 i386
The remote host is missing an update for the...
CentOS Update for gnutls CESA-2010:0166 centos5 i386
The remote host is missing an update for the...
CentOS Update for httpd CESA-2009:1580 centos4 i386
The remote host is missing an update for the...
CentOS Update for nspr CESA-2010:0165 centos5 i386
Check for the Version of nspr