Lucene search
+L

3291 matches found

redhat
redhat
added 2003/03/03 9:16 a.m.12 views

Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold

Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for modproxy and the modauthzldap package. Stronghold 4 cross platform contains a number of open source technologies suc...

7.5CVSS7AI score0.13718EPSS
Exploits7References4
nvd
nvd
added 2003/03/03 5:0 a.m.20 views

CVE-2003-0078

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

5CVSS6AI score0.13718EPSS
Exploits0References20
osv
osv
added 2003/03/03 5:0 a.m.3 views

DEBIAN-CVE-2003-0078

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

5CVSS9.2AI score0.13718EPSS
Exploits0References1
osv
osv
added 2003/03/03 5:0 a.m.10 views

CVE-2003-0078

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

6AI score
Exploits0References24
freebsd_advisory
freebsd_advisory
added 2003/02/24 12:0 a.m.6 views

FreeBSD-SA-03:02.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:02.openssl Security Advisory The FreeBSD Project Topic: OpenSSL timing-based SSL/TLS attack Category: core Module: openssl Announced: 2003-02-25 Credits: Brice...

5.8AI score
Exploits0
osv
osv
added 2003/02/24 12:0 a.m.25 views

DSA-253 openssl - information leak

Bulletin has no description...

5CVSS8.4AI score0.13718EPSS
Exploits0
nessus
nessus
added 2003/02/20 12:0 a.m.55 views

OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities

According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of th...

7.5CVSS8.2AI score0.13718EPSS
Exploits0References5
openssl
openssl
added 2003/02/19 12:0 a.m.36 views

Vulnerability in OpenSSL CVE-2003-0078

sl3getrecord in s3pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading...

9.2AI score0.13718EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2003/02/19 12:0 a.m.48 views

OpenSSL 0.9.7a and 0.9.6i released

From the changelog: Security fix: Vaudenay timing attack on CBC + In ssl3getrecord ssl/s3pkt.c, minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker h...

5CVSS9.2AI score0.13718EPSS
Exploits0
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.38 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS6.3AI score0.01193EPSS
Exploits0Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.20 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS6.3AI score0.01193EPSS
Exploits0Affected Software1
Rows per page
Query Builder