exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

CVE-2014-3568

Status Candidate

Overview

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

Related Files

HP Security Bulletin HPSBMU03612 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | windows
advisories | CVE-2007-6750, CVE-2011-4969, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-6565, CVE-2015-7501, CVE-2015-7547, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0728, CVE-2016-0799, CVE-2016-2015, CVE-2016-2017
SHA-256 | 55b881f2a237e07f9560dcebcf5f78996c72fe03931da60fb9afbd2da087871d
HP Security Bulletin HPSBMU03611 1
Posted May 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03611 1 - Multiple potential security vulnerabilities have been identified with the Matrix Operating Environment on Windows and Linux that could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Execution of arbitrary code, Cross-site scripting (XSS), Disclosure of Sensitive Information, Code Execution, and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | linux, windows
advisories | CVE-2009-3555, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-6565, CVE-2015-7501, CVE-2016-0705, CVE-2016-0799, CVE-2016-2017, CVE-2016-2018, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, CVE-2016-2026, CVE-2016-2027
SHA-256 | 07f921689053d6bedbb8e1f9fc233c8b5f70902577e1ef3c8ec264ef9e30544e
Apple Security Advisory 2015-09-16-2
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-2 - Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6394, CVE-2015-0248, CVE-2015-0251, CVE-2015-3185, CVE-2015-5909, CVE-2015-5910
SHA-256 | 7a3af52221713d401a1c4f2c0809a381ca1e1c7cc53f03c7a03efe9fde6277f6
HP Security Bulletin HPSBMU03267 3
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 7ff5a108a31a43337d5de95d2e79246d6a7bcf81a0b5f4f464ee9d4de1c45e58
HP Security Bulletin HPSBMU03263 3
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3
HP Security Bulletin HPSBMU03261 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489
HP Security Bulletin HPSBMU03267 2
Posted May 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597d
HP Security Bulletin HPSBHF03300 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03300 1 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. Other vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) and unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 329f0280df00f4c7b48c192f216b6d37cdbb7f6ed711b0b2b33a657122fbae7b
HP Security Bulletin HPSBMU03304 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03304 1 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware. Revision 1 of this advisory.

tags | advisory, x86, vulnerability
systems | windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 23cb06e0b40a2e6e6cbc8eac69a2687e1b1ecb149c980483c62275e613a41bad
HP Security Bulletin HPSBMU03263 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03263 1 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | e9470422791d2a2b95c43579456c672fbc3a4de6806dd7e01f693c18ab61c8c6
HP Security Bulletin HPSBMU03267 1
Posted Mar 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 1 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 5570b2af5b9b8cf9e59116ff814ca6462db2c1e427ac11943e2afd22e6120ee4
HP Security Bulletin HPSBMU03260 1
Posted Feb 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03260 1 - A potential security vulnerability has been identified with HP System Management Homepage running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 6626a803ddc8c8264f2c7c8eed5352df1f5b48b242c4246b817c9377a12cc3e0
VMware Security Advisory 2015-0001
Posted Jan 28, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

tags | advisory
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3660, CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
SHA-256 | 55fa1873d70654ee0597f3da9f1f88c2593c4ac47e45f3deaf0add63c4c2cd33
Apple Security Advisory 2015-01-27-4
Posted Jan 28, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-01-27-4 - OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2011-2391, CVE-2014-1595, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-4371, CVE-2014-4389, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4426, CVE-2014-4460, CVE-2014-4461, CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4492, CVE-2014-4495, CVE-2014-4497, CVE-2014-4498, CVE-2014-4499, CVE-2014-6277
SHA-256 | 434e3bbf065d6ff22de4e7b85d71ce11a7811880de29f04e6a58af05a3e46a97
HP Security Bulletin HPSBOV03227
Posted Jan 12, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03227 - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-3556, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 388383b2c3d37ee3b91f78f91d186afc077b8a7f693178ebf43e1ddcc4d0db88
Gentoo Linux Security Advisory 201412-39
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6449, CVE-2013-6450, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbae
HP Security Bulletin HPSBUX03162 SSRT101767 3
Posted Dec 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 3 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle On Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | ac73ab793d3e143cbf0d6f6b0e608c4518b82d95afb0fd03bef55139f7c4359f
HP Security Bulletin HPSBUX03162 SSRT101767 2
Posted Nov 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | c51bd30a7372995a2a077c7720121ca3dfb8254c3036fbf6a8b37926e402e633
HP Security Bulletin HPSBUX03162 SSRT101767
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 6652a13d7c69ae6a2897c9474ac902a1366196ab08a094e82c693ce4abdb973b
FreeBSD Security Advisory - OpenSSL Vulnerabilities
Posted Oct 22, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE.

tags | advisory, protocol, memory leak
systems | freebsd
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 1338c6e5d97b6096c8316516c16ede168dd7ee9fb4220f57cfcb0077bbbdbdbe
Debian Security Advisory 3053-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3053-1 - Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | be5632a50e45f3cb615e3418c715bac89d088636f75a6a4d5e8803d38f0c311a
Slackware Security Advisory - openssl Updates
Posted Oct 17, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 0cadf5356b8ab0e92a415510de66dc400ae0d423de69ab42a4d1237f20e2785c
OpenSSL Toolkit 1.0.1j
Posted Oct 15, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Multiple memory leaks fixed. SSLV3 Fallback and various other security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
OpenSSL Security Advisory 20141015
Posted Oct 15, 2014
Site openssl.org

OpenSSL Security Advisory 20141015 - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. Other issues were also addressed.

tags | advisory, denial of service, memory leak
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 7f813dab43819360edd0f61d0861444f45d4c41b0e985a636961e64207acbf57
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close