Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

CVE-2015-3197

Status Candidate

Overview

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Related Files

HP Security Bulletin HPESBHF03703 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03703 1 - Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-3197, CVE-2016-0701
MD5 | be10524a2e4727bd058f212b600721e9
Red Hat Security Advisory 2016-0490-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0490-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.

tags | advisory, java, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | 63c16fbee5f285eb1059fe14fdc11584
Red Hat Security Advisory 2016-0446-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0446-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | b7e85ded0d49ed38343307cf853c81f2
Red Hat Security Advisory 2016-0445-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0445-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | 3579da10595d2d52fdde6cd8913b04e7
Red Hat Security Advisory 2016-0379-01
Posted Mar 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0379-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
MD5 | c7acb3426e3f7f0fa71a29472a56f598
Red Hat Security Advisory 2016-0372-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0372-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | ea2cda3bb25f4c9d5818c05080ce01d2
Red Hat Security Advisory 2016-0306-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0306-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | 2f36ad9742f9b96b4e118c0c254db4cc
Red Hat Security Advisory 2016-0305-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0305-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0800
MD5 | d3b49601c460ff97ce020fdf8c82aa2d
Red Hat Security Advisory 2016-0304-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | 5070fe93898af747db9ee12243a2fb26
Red Hat Security Advisory 2016-0303-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0303-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | cd9090d3d570d3faf68563b341e88263
Red Hat Security Advisory 2016-0302-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0302-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0797, CVE-2016-0800
MD5 | 56b560b581cb77d71c7aa815262dd5b9
Red Hat Security Advisory 2016-0301-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0301-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
MD5 | c5e03e7095e7922b8ab96f10ab5c7cde
Slackware Security Advisory - openssl Updates
Posted Feb 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3197
MD5 | ea030735cc5782468894116f07e1d45a
FreeBSD Security Advisory - FreeBSD-SA-16:11.openssl
Posted Jan 31, 2016
Site security.freebsd.org

FreeBSD Security Advisory - A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. An active MITM attacker may be able to force a protocol downgrade to SSLv2, which is a flawed protocol and intercept the communication between client and server.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-3197
MD5 | 105c5b4a34e39afed10e9bbc94054342
Gentoo Linux Security Advisory 201601-05
Posted Jan 29, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201601-5 - Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes. Versions less than 1.0.2f are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3197, CVE-2016-0701
MD5 | 23b6803a19602b3166e8d8d8886e8168
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    6 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close