CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. • https://www.exploit-db.com/exploits/39768 https://github.com/FiloSottile/CVE-2016-2107 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVE-2016-2086
https://notcve.org/view.php?id=CVE-2016-2086
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Node.js 0.10.x en versiones anteriores a 0.10.42, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos llevar a cabo ataques de contrabando de peticiones HTTP a través de una cabecera Content-Length HTTP. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html http://www.securityfocus.com/bid/83282 https://nodejs.org/en/blog/vulnerability/february-2016-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-20: Improper Input Validation •
CVE-2016-2216 – Node.js HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. El código de interpretacción de cabecera HTTP en Node.js 0.10.x en versiones anteriores a 0.10.42, 0.11.6 hasta la versión 0.11.16, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos eludir un mecanismo de protección de separación de respuesta HTTP a través de caracteres Unicode codificados en UTF-8 en la cabecera HTTP, según lo demonstrado mediante %c4%8d%c4%8a. Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability. • http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html http://www.securityfocus.com/bid/83141 https://nodejs.org/en/blog/vulnerability/february-2016-security-re • CWE-20: Improper Input Validation •
CVE-2015-8027
https://notcve.org/view.php?id=CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegación de servicio (uncaughtException e interrupción de servicio) a través de una petición HTTP con pipelining. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524 http://www-01.ibm.com/support/docview.wss?uid=swg21972419 http://www.securityfocus.com/bid/78207 https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764 https://nodejs.org/en/blog/vulnerability/december-2015-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-17: DEPRECATED: Code •
CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RSA PSS ASN.1 que carece de un parámetro de función de generación de máscara. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensus • CWE-476: NULL Pointer Dereference •