19 matches found
Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config
Summary There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the...
sslscan - tests SSL/TLS enabled services to discover supported cipher suites
This is a fork of ioerror's version of sslscan the original readme of which is included below. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 POODLE. Highlight 3DES and RC4 ciphers in output. Highlight PFS+GCM ciphers as good in output. Highlig...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
An update for Red Hat JBoss Enterprise Web Platform 5.2.0 that provides a patch to mitigate the CVE-2014-3566 issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Red Hat JBoss Enterprise Web Platform is a...
[ MDVSA-2014:252 ] nss
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:252 http://www.mandriva.com/en/support/security/ Package : nss Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated nss packages fix security vulnerabilities: In the QuickDER...
Mandriva Linux Security Advisory : nss (MDVSA-2014:252)
Updated nss packages fix security vulnerabilities : In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. This update adds support for the TLS Fallback Signaling Cipher Suite Value...
nss: signature forgery
The definitelengthdecoder function in lib/util/quickder.c in Mozilla Network Security Services NSS does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as...
nss security update
CentOS Errata and Security Advisory CESA-2014:1948 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2014-December/082957.html https://lists.centos.org/pipermail/centos-announce/2014-December/082962.html...
MGASA-2014-0507 Updated firefox & thunderbird packages fix security vulnerabilities
Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data CVE-2014-1569. Several flaws were found in the processing of malformed web...
SUSE-SU-2015:1182-2 Security update for OpenSSL
This OpenSSL update fixes the following issues: Session Ticket Memory Leak CVE-2014-3567 Build option no-ssl3 is incomplete CVE-2014-3568 Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Security Issues: CVE-2014-3567 CVE-2014-3566 CVE-2014-3568...
SUSE-SU-2015:0545-2 Security update for OpenSSL
This OpenSSL update fixes the following issues: Session Ticket Memory Leak CVE-2014-3567 Build option no-ssl3 is incomplete CVE-2014-3568 Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Security Issues: CVE-2014-3567 CVE-2014-3566 CVE-2014-3568...
SUSE-SU-2015:1184-1 Security update for OpenSSL
This OpenSSL update fixes the following issues: Session Ticket Memory Leak CVE-2014-3567 Build option no-ssl3 is incomplete CVE-2014-3568 Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Security Issues: CVE-2014-3567 CVE-2014-3566 CVE-2014-3568...
SUSE-SU-403 Security update for OpenSSL
This OpenSSL update fixes the following issues: Session Ticket Memory Leak CVE-2014-3567 Build option no-ssl3 is incomplete CVE-2014-3568 Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Security Issues: CVE-2014-3567 CVE-2014-3566 CVE-2014-3568...
MGASA-2014-0416 Updated openssl packages fix security vulnerabilities
This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...
Updated openssl packages fix security vulnerabilities
This update adds support for the TLS Fallback Signaling Cipher Suite Value TLSFALLBACKSCSV, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol...
SUSE-SU-2015:0546-1 Security update for openssl1
This OpenSSL update fixes the following issues: SRTP Memory Leak CVE-2014-3513 Session Ticket Memory Leak CVE-2014-3567 Build option no-ssl3 is incomplete CVE-2014-3568 Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Security Issues: CVE-2014-3513 CVE-2014-3567 CVE-2014-3566...
SUSE-RU-2015:0769-1 Security update for openssl1
This OpenSSL update fixes the following issues: SRTP Memory Leak CVE-2014-3513 Session Ticket Memory Leak CVE-2014-3567 Build option no-ssl3 is incomplete CVE-2014-3568 Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE Security Issues: CVE-2014-3513 CVE-2014-3567 CVE-2014-3566...
CentOS Update for openssl CESA-2014:1653 centos5
Check the version of openssl SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882063";...
USN-2385-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-3513 I...
USN-2385-1 openssl vulnerabilities
It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-3513 I...