Page 62 of 458 results (0.024 seconds)

CVSS: 4.3EPSS: 97%CPEs: 42EXPL: 0

CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

https://notcve.org/view.php?id=CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'. A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. • http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 http://kb.juniper.net/InfoC • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2015-0492 – JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)

https://notcve.org/view.php?id=CVE-2015-0492

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y JavaFX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0484. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://rhn.redhat.com/errata/RHSA-2015-0857.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74129 http://www.securitytracker.com/id/1032120 https://securit •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2015-0486 – JDK: unspecified vulnerability fixed in 8u45 (Deployment)

https://notcve.org/view.php?id=CVE-2015-0486

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 8u40 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Deployment. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://www-01.ibm.com/support/docview.wss?uid=swg21883640 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74145 http://www.securitytracker.com/id/1032120 https://security.gentoo.org/glsa/201603-11 https://access.redhat.com/security/cve/CVE-2015-0486 https://bugzilla.redhat.com/show_bug.cgi?id=1211774 •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2015-0484 – JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)

https://notcve.org/view.php?id=CVE-2015-0484

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0492. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://rhn.redhat.com/errata/RHSA-2015-0857.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74135 http://www.securitytracker.com/id/1032120 https://securit •

CVSS: 10.0EPSS: 5%CPEs: 11EXPL: 0

CVE-2015-0491 – JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)

https://notcve.org/view.php?id=CVE-2015-0491

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D, una vulnerabilidad diferente a CVE-2015-0459. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06 •