11 matches found
EUVD-2019-16149
Malware in sbrugna...
Azure Linux 3.0 Security Update: curl (CVE-2024-0853)
The version of curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...
Low: curl
Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
Design/Logic Flaw
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2019-6590
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic...
F5 Networks BIG-IP : TMM vulnerability (K55101404)
Under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. CVE-2019-6590 Impact BIG-IP This vulnerability may result as a denial-of-service DOS attack on the affected BIG-IP systemwhen the systemconsumes excessive memory resources. This...
tomcat: Session fixation
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...
Apache Tomcat 7.0.x < 7.0.67 / 8.0.x < 8.0.32 Session Hijacking
Binary data 9314.prm...
Fixed in Apache Tomcat 9.0.0.M3
Moderate: Security Manager bypass CVE-2016-0763 This issue only affects users running untrusted web applications under a security manager. ResourceLinkFactory.setGlobalContext is a public method and was accessible to web applications even when running under a security manager. This allowed a...