Improper Certificate Validation

Overview org.apache.storm:storm-metrics-prometheus is a Distributed and fault-tolerant realtime computation Affected versions of this package are vulnerable to Improper Certificate Validation in the INSECURECONNECTIONFACTORY calls. An attacker can intercept sensitive data and credentials by...

EUVD-2015-2811

Malware in sbrugna...

Design/Logic Flaw

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'Java Secure Socket Extension JSSE SKIP-TLS MITM Proxy', 'Description' = %q This module exploits an incomplete...

CVE-2015-2721

CVE-2015-2721 (NSS) arises from NSS not correctly handling TLS state machine transitions, allowing a MITM to bypass forward secrecy by blocking the ServerKeyExchange message (the SMACK SKIP-TLS issue). Affected: NSS libraries used by Mozilla Firefox/Thunderbird and related products; impact includ...

VMware product updates address critical information disclosure issue in JRE.

a. Oracle JRE Update Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE. VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Jav...

VMSA-2015-0003:VMware product updates address CRITICAL information disclosure issue in JRE.

VMSA-2015-0003.14 VMware product updates address critical information disclosure issue in JRE VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0003.14 VMware Security Advisory Synopsis: VMware product updates address critical information disclosure issue in JRE VMware...

Debian DLA-176-1 : mono security update

Three issues with Mono's TLS stack are addressed. CVE-2015-2318 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. 'SKIP-TLS' CVE-2015-2319 Mono's implementation of SSL/TLS also contained...

Ubuntu 14.04 LTS : Mono vulnerabilities (USN-2547-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2547-1 advisory. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perfo...