Lucene search
K

27 matches found

Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...

8.3CVSS6AI score0.00408EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.8AI score0.00408EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:58 p.m.5 views

Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

5.3CVSS6.8AI score0.02646EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-7360

Malware in sbrugna...

7.1CVSS5.9AI score0.01729EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/28 12:0 a.m.25 views

Amazon Linux 2 : nginx (ALASNGINX1-2025-008)

The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...

5.3CVSS5.6AI score0.02646EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/07 9:13 a.m.14 views

CVE-2025-23419

A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

4.3CVSS4.7AI score0.02646EPSS
Exploits0References4
OSV
OSV
added 2025/02/07 7:15 a.m.33 views

BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS4.9AI score0.02646EPSS
Exploits0References4
OSV
OSV
added 2025/02/05 6:15 p.m.25 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2025/02/05 6:15 p.m.7 views

UBUNTU-CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS6.9AI score0.02646EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/05 5:31 p.m.23 views

CVE-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS5AI score0.02646EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/02/05 5:31 p.m.22 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS7.4AI score0.02646EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/02/05 5:31 p.m.9 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS6.5AI score0.02646EPSS
Exploits0
Cvelist
Cvelist
added 2025/02/05 5:31 p.m.54 views

CVE-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

5.3CVSS0.02646EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.20 views

PT-2025-5738

Name of the Vulnerable Software and Affected Versions nginx versions 1.11.4 through 1.27.31 nginx version 1.26.3 nginx version 1.27.4 Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...

9.8CVSS8.3AI score0.02646EPSS
Exploits0References158
OSV
OSV
added 2024/02/03 2:15 p.m.8 views

AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS6.4AI score0.01102EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2024/02/03 1:35 p.m.68 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS7.2AI score0.01102EPSS
Exploits1
OSV
OSV
added 2024/01/31 8:0 a.m.36 views

CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS4.8AI score0.01102EPSS
Exploits1
OSV
OSV
added 2024/01/31 12:0 a.m.9 views

UBUNTU-CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS7.2AI score0.01102EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.9 views

PT-2023-8494 · Curl +2 · Curl +2

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The issue is related to a flaw in curl where it inadvertently keeps the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. This allows a...

5.3CVSS4.9AI score0.01102EPSS
Exploits1References45
Rows per page
Query Builder