27 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...
CVE-2026-9545
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...
CURL-CVE-2026-9545 exposing HTTP/3 early data
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...
Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
EUVD-2016-7360
Malware in sbrugna...
Amazon Linux 2 : nginx (ALASNGINX1-2025-008)
The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...
CVE-2025-23419
A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...
BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
UBUNTU-CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
PT-2025-5738
Name of the Vulnerable Software and Affected Versions nginx versions 1.11.4 through 1.27.31 nginx version 1.26.3 nginx version 1.27.4 Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...
AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
UBUNTU-CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
PT-2023-8494 · Curl +2 · Curl +2
Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The issue is related to a flaw in curl where it inadvertently keeps the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. This allows a...