revocation software vulnerabilities
vulnerabilities.aspcode.net
Searching revocation software vulnerabilities
Off-by-one error in the mod_ssl Certificate Rev
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
The Online Certificate Status Protocol (OCSP) s
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 does not retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
Check Point FireWall-1 allows remote attackers
Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp).
Sun Java System Web Server 6.1 before 20070314
Sun Java System Web Server 6.1 before Wednesday, March 14, 2007 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before F
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.
Entrust Entelligence Security Provider (ESP) 8
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Software vulnerabilities results 1 to 7 of 7