the original cloud security
Showing 1 - 15 of 15 RSS Feed

CVE-2015-3197

Status Candidate

Overview

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Related Files

HP Security Bulletin HPESBHF03703 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03703 1 - Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-3197, CVE-2016-0701
MD5 | be10524a2e4727bd058f212b600721e9
Red Hat Security Advisory 2016-0490-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0490-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.

tags | advisory, java, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | 63c16fbee5f285eb1059fe14fdc11584
Red Hat Security Advisory 2016-0446-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0446-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | b7e85ded0d49ed38343307cf853c81f2
Red Hat Security Advisory 2016-0445-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0445-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | 3579da10595d2d52fdde6cd8913b04e7
Red Hat Security Advisory 2016-0379-01
Posted Mar 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0379-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
MD5 | c7acb3426e3f7f0fa71a29472a56f598
Red Hat Security Advisory 2016-0372-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0372-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | ea2cda3bb25f4c9d5818c05080ce01d2
Red Hat Security Advisory 2016-0306-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0306-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | 2f36ad9742f9b96b4e118c0c254db4cc
Red Hat Security Advisory 2016-0305-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0305-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0800
MD5 | d3b49601c460ff97ce020fdf8c82aa2d
Red Hat Security Advisory 2016-0304-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | 5070fe93898af747db9ee12243a2fb26
Red Hat Security Advisory 2016-0303-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0303-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | cd9090d3d570d3faf68563b341e88263
Red Hat Security Advisory 2016-0302-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0302-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0797, CVE-2016-0800
MD5 | 56b560b581cb77d71c7aa815262dd5b9
Red Hat Security Advisory 2016-0301-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0301-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
MD5 | c5e03e7095e7922b8ab96f10ab5c7cde
Slackware Security Advisory - openssl Updates
Posted Feb 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3197
MD5 | ea030735cc5782468894116f07e1d45a
FreeBSD Security Advisory - FreeBSD-SA-16:11.openssl
Posted Jan 31, 2016
Site security.freebsd.org

FreeBSD Security Advisory - A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. An active MITM attacker may be able to force a protocol downgrade to SSLv2, which is a flawed protocol and intercept the communication between client and server.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-3197
MD5 | 105c5b4a34e39afed10e9bbc94054342
Gentoo Linux Security Advisory 201601-05
Posted Jan 29, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201601-5 - Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes. Versions less than 1.0.2f are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3197, CVE-2016-0701
MD5 | 23b6803a19602b3166e8d8d8886e8168
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close