Page 3 of 12 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2, RSA BSAFE SSL-J en versiones anteriores a 6.2 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, no fuerza ciertas restricciones en datos de certificado, lo que permite a atacantes remotos anular el mecanismo de protección de lista negra de certificados basado en fingerprint mediante la inclusión de datos manipulados en una porción sin firmar de un certificado, un problema similar a CVE-2014-8275. • http://seclists.org/bugtraq/2015/Aug/84 http://www.securityfocus.com/bid/76377 http://www.securitytracker.com/id/1033297 http://www.securitytracker.com/id/1033298 • CWE-295: Improper Certificate Validation •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.6 y RSA BSAFE SSL-J anterior a 6.1.4 no asegura que el certificado de servidor X.509 sea el mismo durante la renegociación como lo era antes de ella, lo que permite ataques 'man-in-the-middle' para obtener información sensible o modificar datos de la sesión TLS a través de 'ataque de triple negociación' • http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html http://www.securityfocus.com/bid/72534 https://secure-resumption.com • CWE-310: Cryptographic Issues •