17 matches found
PT-2024-22629 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to 17.0.0 Description: When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic...
Mageia: Security Advisory (MGASA-2017-0053)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0112-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial Of Service (DoS) In SSL Alert Handling
OpenSSL is vulnerable to denial of service in SSL alert handling, aka SSL-Death-Alert. The attacks are possible due to a flaw in the way SSL3_AL_WARNING alerts are handled, consuming 100% CPU on the server...
An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)
OpenSSL is a widely used library for SSL and TLS protocol implementation that secures data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability – recently addressed in a patch by the OpenSSL Project – can be exploited to make vulnerable SSL...
Denial Of Service (DoS) In SSL Alert Handling
github.com/golang/go is vulnerable to denial of service (DoS) in SSL alert handling, aka SSL-Death-Alert. The attacks are possible due to a flaw in the way that SSL3_AL_WARNING alerts are handled, consuming 100% CPU on the server. This vulnerability is related to CVE-2016-8610...
Netscaler - 11.1 - SSO Failure with RDP Proxy
1. When connecting to RDP via NS gateway CVPN bookmarks, the RDP window terminates with the error "An Internal error has occurred". 2. Netscaler resets the back-end connection with reset code 9952, dropping the connection due to "SSL received fatal alert". 3. Disabled SSO using...
SUSE-SU-2017:0601-1 Security update for compat-openssl097g
This update for compat-openssl097g fixes the following issues contained in the OpenSSL Security Advisory 26 Jan 2017 bsc1021641 Security issues fixed: - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed bsc1005878 - degrade 3DES to MEDIUM in SSL2 bsc1001912 - CVE-2016-2108...
openSUSE Security Update : gnutls (openSUSE-2017-207)
This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...
SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1)
This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...
SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:0304-1)
This update for gnutls fixes the following issues : - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser bsc961491. - CVE-2016-8610: Remote denial of service in SSL alert handling bsc1005879. - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate...
Denial Of Service (DoS) In SSL Alert Handling
OpenSSL is vulnerable to denial of service in SSL alert handling, aka SSL-Death-Alert. The attacks are possible due to a flaw in the way SSL3_AL_WARNING alerts are handled, consuming 100% CPU on the server...
Design/Logic Flaw
Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake...
CVE-2016-4545
Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake...
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K48042976)
On virtual servers with Secure Sockets Layer (SSL) profiles enabled, an SSL alert sent during the handshake may produce unnecessary logging and resource consumption on a BIG-IP system that is running 11.5.4 FINAL, possibly causing the Traffic Management Microkernel (TMM) to restart and produce a core...
ardabil.locopoc.com XSS vulnerability
Vulnerable URL: http://ardabil.locopoc.com/q-'-alertOPENBUGBOUNTY-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
tangomag.com XSS vulnerability
Vulnerable URL: http://www.tangomag.com/content/search?searchapiaggregation1=%22%3E%3Csvg%2Fonload+%3Dalert%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 16:06 GMT Vulnerability type:| XSS Vulnerability status:| Publicl...