HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
HP Security Bulletin - A potential security vulnerability has been identified in the SSL v2 implementation used in HP HTTP Server v5.9.6 that may allow a remote attacker to force the use of a weaker security protocol via a man-in-the-middle attack.
Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.
SCO Security Advisory - A vulnerability has been found in OpenSSL which potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.
Debian Security Advisory DSA 882-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.
Debian Security Advisory DSA 881-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.
Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.
Ubuntu Security Notice USN-204-1 - Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them.
Gentoo Linux Security Advisory GLSA 200510-11 - Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, which implies it) can be forced by a third party to fall back to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 3.0 or TLS 1.0 protocols. Versions less than 0.9.8-r1 are affected.
OpenSSL Security Advisory - A vulnerability has been found in all previously released versions of OpenSSL (all versions up to 0.9.7h and 0.9.8a). Versions 0.9.7h and 0.9.8a have been released to address the issue. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a man in the middle can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.
Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered a vulnerability that potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.