Searching ssl engine logc software vulnerabilities


IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.


Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.


RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.


HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.


Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or hijack the SSL session.


The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.


Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.


mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.


The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).


Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code.


ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.


Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPS (SSL).


mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.


Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.


Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.


Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.


ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack.


The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before Tuesday, September 26, 2006 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.


BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.


Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.


Software vulnerabilities results 1 to 20 of 403     