Lucene search
GoogleOSV:DLA-400-1HistoryJan 24, 2016 - 12:00 a.m.
pound - security update
2016-01-2400:00:00
Google
osv.dev
9
0.975 High
EPSS
Percentile
100.0%
This update fixes certain known vulnerabilities in pound in squeeze-lts by
backporting the version in wheezy.
- CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
3.12.4 and earlier, multiple Cisco products, and other products,
does not properly associate renegotiation handshakes with an
existing connection, which allows man-in-the-middle attackers to
insert data into HTTPS sessions, and possibly other types of
sessions protected by TLS or SSL, by sending an unauthenticated
request that is processed retroactively by a server in a
post-renegotiation context, related to a plaintext injection
attack, aka the Project Mogul issue. - CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft
Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
Chrome, Opera, and other products, encrypts data by using CBC mode
with chained initialization vectors, which allows man-in-the-middle
attackers to obtain plaintext HTTP headers via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the
Java URLConnection API, or (3) the Silverlight WebClient API, aka a
BEAST attack. - CVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google
Chrome, Qt, and other products, can encrypt compressed data without
properly obfuscating the length of the unencrypted data, which
allows man-in-the-middle attackers to obtain plaintext HTTP headers
by observing length differences during a series of guesses in which
a string in an HTTP request potentially matches an unknown string in
an HTTP header, aka a CRIME attack. - CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the POODLE issue.
References
Related
nessus
nessus
Debian DLA-400-1 : pound security update (BEAST) (POODLE)
2016-01-25 00:00:00
Debian DSA-3253-1 : pound - security update (POODLE)
2015-05-11 00:00:00
Fedora 20 : Pound-2.6-8.fc20 (2014-13777)
2014-11-12 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-400-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3253-1 (pound - security update)
2015-05-07 00:00:00
Debian: Security Advisory (DSA-3253-1)
2015-05-06 00:00:00
debian
debian
[SECURITY] [DLA 400-1] pound security update
2016-01-24 04:50:54
[SECURITY] [DSA 3253-1] pound security update
2015-05-07 19:39:51
[SECURITY] [DSA 2626-1] lighttpd security update
2013-02-17 11:14:16
osv
osv
pound - security update
2015-05-07 00:00:00
lighttpd - several issues
2013-02-17 00:00:00
nginx - information leak
2013-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
[SECURITY] Fedora 16 Update: thunderbird-9.0-4.fc16
2011-12-23 03:31:27
rapid7blog
rapid7blog
f5
f5
SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
2012-12-05 00:00:00
K14054 : CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
2013-09-09 00:00:00
jvn
jvn
JVN#65273415: Android OS issue where it is affected by the CRIME attack
2016-07-22 00:00:00
threatpost
threatpost
Apple Patches Mass of Security Bugs in OS X and Safari
2013-06-05 09:51:54
ubuntucve
ubuntucve
CVE-2012-4929
2012-09-15 00:00:00
debiancve
debiancve
CVE-2012-4929
2012-09-15 18:55:03
CVE-2011-3389
2011-09-06 19:55:03
veracode
veracode
Information Leakage
2019-01-15 08:58:53
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
ibm
ibm
prion
prion
Design/Logic Flaw
2012-09-15 18:55:00
Session fixation
2011-09-06 19:55:00
cvelist
cvelist
CVE-2012-4929
2012-09-15 18:00:00
nvd
nvd
ubuntu
ubuntu
OpenSSL vulnerability
2013-07-04 00:00:00
Qt vulnerability
2012-11-08 00:00:00
NSS vulnerability
2010-04-09 00:00:00
cve
cve
mskb
mskb
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
TLS Renegotiation Vulnerability PoC Exploit
2009-12-21 00:00:00
oraclelinux
oraclelinux
openssl097a security update
2010-03-25 00:00:00
centos
centos
nspr, nss security update
2010-03-28 15:36:50
openssl097a security update
2010-03-27 17:44:36
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
hackerone
hackerone
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
slackware
slackware
openssl
2009-11-16 13:42:36
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
redhat
redhat
(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update
2010-03-17 00:00:00
(RHSA-2010:0164) Moderate: openssl097a security update
2010-03-25 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39
securityvulns
securityvulns