
17 matches found

Hacker One
added 2026/05/30 7:56 a.m. | 18 views

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPT_USE_SSL =...

AI score: 5.8 | Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2014-3580

Malware in sbrugna...

CVSS: 4.3 | AI score: 6 | EPSS: 0.05654 | Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-1999-0428

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.03234 | Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/15 12:0 a.m. | 18 views

Fedora 40 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-016ed44ddc)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-016ed44ddc advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.02557 | Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/12 12:0 a.m. | 16 views

Nginx 1.27.x < 1.27.4 SSL Session Reuse

According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by an SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.02557 | Exploits: 0 | References: 3
Tenable Nessus
added 2025/02/12 12:0 a.m. | 11 views

Nginx 1.11.4 < 1.26.3 SSL Session Reuse

According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by an SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.02557 | Exploits: 0 | References: 3
Nginx
added 2025/02/05 5:31 p.m. | 2090 views

SSL session reuse vulnerability

SSL session reuse vulnerability Severity: medium CVE-2025-23419 Not vulnerable: 1.27.4+, 1.26.3+ Vulnerable: 1.11.4-1.27.3...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.02557 | Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/02/05 12:0 a.m. | 19 views

FreeBSD : nginx-devel -- SSL session reuse vulnerability (9761af78-e3e4-11ef-9f4a-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9761af78-e3e4-11ef-9f4a-589cfc10a551 advisory. The nginx development team reports: This update fixes the SSL session reuse vulnerability. Tenable has...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.02557 | Exploits: 0 | References: 2
FreeBSD
added 2025/02/05 12:0 a.m. | 253 views

nginx-devel -- SSL session reuse vulnerability

The nginx development team reports: This update fixes the SSL session reuse vulnerability...

CVSS: 5.3 | AI score: 7 | EPSS: 0.02557 | Exploits: 0
Citrix
added 2023/01/27 12:0 a.m. | 6 views

How to identify if SSL session is being reused

To identify if SSL Session reuse is being used or not...

AI score: 7.1 | Exploits: 0
Citrix
added 2020/10/19 12:0 a.m. | 12 views

SSL Renegotiation Process and Session Reuse on ADC Appliance

This article contains information about the SSL renegotiation and session reuse on an ADC appliance. SSL Renegotiation Process on an ADC Appliance: The SSL renegotiation process is the new SSL handshake process over an established SSL connection. The SSL renegotiation process can establish another...

AI score: 7 | Exploits: 0
Tenable Nessus
added 2018/11/05 12:0 a.m. | 18 views

Nginx < 1.7.5 SSL Session Reuse

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the fi...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.05654 | Exploits: 0 | References: 8
Tenable Nessus
added 2015/03/30 12:0 a.m. | 25 views

Mandriva Linux Security Advisory : nginx (MDVSA-2015:094)

Updated nginx package fixes security vulnerabilities : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution...

CVSS: 7.5 | AI score: 9.1 | EPSS: 0.09293 | Exploits: 1 | References: 4
OSV
added 2014/12/08 11:59 a.m. | 10 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

AI score: 6.4 | Exploits: 0 | References: 2
OSV
added 2014/10/28 11:33 a.m. | 11 views

MGASA-2014-0427 Updated nginx packages fix CVE-2014-3616

Updated nginx package fixes security vulnerability: Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.05654 | Exploits: 0 | References: 3
Tenable Nessus
added 2012/01/12 12:0 a.m. | 38 views

OpenSSL < 0.9.2b Session Reuse

According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.2b. A remote attacker could reuse an SSL session under a different context and bypass access control mechanisms based on client certificates...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.03234 | Exploits: 0 | References: 2
NVD
added 1999/03/22 5:0 a.m. | 28 views

CVE-1999-0428

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.03234 | Exploits: 0 | References: 1