5 matches found
Insecure Encryption Standards
nifi-socket-utils uses insecure encryption standards. The weakness arises as it continued to allow support of TLS v1.0 and v1.1, when the NiFi UI, API, as well as listening for connections established by processors like ListenHTTP, HandleHttpRequest were protected by mandating TLS v1.2...
CVE-2020-9491
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced...
CVE-2020-9491
CVE-2020-9491 affects Apache NiFi ranges 1.2.0–1.11.4, where the UI/API enforce TLS v1.2 but intracluster communications (cluster request replication, Site-to-Site, load-balanced queues) allowed TLS v1.0/v1.1. The provided connected documents reiterate this scope, identifying the vulnerable compo...
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...