CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-9506 – Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
https://notcve.org/view.php?id=CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. La especificación de Bluetooth BR/EDR incluyendo versión 5.1, permite una longitud de clave de cifrado suficientemente baja y no impide que un atacante influya en la negociación de longitud de clave. Esto permite ataques prácticos de fuerza bruta (también se conoce como "KNOB") que pueden descifrar el tráfico e inyectar texto cifrado arbitrario sin que la víctima se dé cuenta. A flaw was discovered in the Bluetooth protocol. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://www.cs.ox.ac.uk/publications/publication12404-abstract.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en https: • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2016-4754
https://notcve.org/view.php?id=CVE-2016-4754
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. ServerDocs Server en Apple OS X Server en versiones anteriores a 5.2 permite el cifrado RC4, lo que podría permitir a atacantes remotos vencer mecanismos de protección criptográfica a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html http://www.securityfocus.com/bid/93061 http://www.securitytracker.com/id/1036853 https://support.apple.com/HT207171 • CWE-310: Cryptographic Issues •
CVE-2016-4694
https://notcve.org/view.php?id=CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la sección 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podría permitir a atacantes remotos redireccionar el tráfico HTTP fuera de rango de una aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, problema también conocido como "httpoxy", un problema relacionado con CVE-2016-5387. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html http://www.securityfocus.com/bid/93060 http://www.securitytracker.com/id/1036853 https://support.apple.com/HT207170 https://support.apple.com/HT207171 • CWE-284: Improper Access Control •
CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •