3 matches found
curl: curl cross-origin HTTPS redirect reuses TLS client certificate for unintended second-origin mTLS authentication
Summary: When curl follows an HTTPS redirect to a different origin under normal -L / CURLOPTFOLLOWLOCATION behavior, it still presents the configured TLS client certificate to the redirected-to HTTPS server. This happens without --location-trusted / CURLOPTUNRESTRICTEDAUTH, even though curl alrea...
Denial Of Service(DOS)
serverless is vulnerable to denial of serviceDOS attacks. An attacker is able to cause a panic via a wrong type certificate of TLS client...
Debian DSA-394-1 : openssl095 - ASN.1 parsing vulnerability
Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre NISCC. A bug in OpenSSLs SSL/TLS protocol was also identifie...