CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar números arbitrarios que en realidad no son claves públicas, y desencadenar costosos cálculos de exponenciación modular DHE del lado del servidor, también se conoce como un ataque D(HE)ater. • https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf https://dheatattack.com https://dheatattack.gitlab.io https://github.com/Balasys/dheater https://github.com/mozilla/ssl-config-generator/issues/162 https://gitlab.com/dheatattack/dheater https://ieeexplore.ieee.org/document/10374117 https://support.f5.com/csp/article/K83120834 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration https: • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-31221
https://notcve.org/view.php?id=CVE-2021-31221
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. SES Evolution versiones anteriores a 2.1.0, permite eliminar algunas partes de una política de seguridad al aprovechar el acceso a un ordenador que tenga instalada la consola de administración • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-023 •
CVE-2021-31222
https://notcve.org/view.php?id=CVE-2021-31222
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. SES Evolution versiones anteriores a 2.1.0, permite actualizar algunas partes de una política de seguridad al aprovechar el acceso a un ordenador que tenga instalada la consola de administración • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-024 •
CVE-2021-31223
https://notcve.org/view.php?id=CVE-2021-31223
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. SES Evolution versiones anteriores a 2.1.0, permite leer algunas partes de una política de seguridad al aprovechar el acceso a un ordenador que tenga instalada la consola de administración • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-025 •
CVE-2021-31220
https://notcve.org/view.php?id=CVE-2021-31220
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. SES Evolution versiones anteriores a 2.1.0, permite c al aprovechar el acceso de un usuario que tenga acceso de sólo lectura a las políticas de seguridad • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-022 •