Tagged: vulnerability

VU#577193: POODLE vulnerability in SSL 3.0

Vulnerability Note VU#577193
Original release date: 17 Oct 2014 | Last revised: 17 Oct 2014

Overview: Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when cipher-block chaining (CBC) mode is used. This is commonly referred to as the “POODLE” (Padding Oracle On Downgraded Legacy Encryption) attack

Apple Releases Security Update 2014-005

Original release date: October 17, 2014

Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0. US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details

Drupal Releases Security Advisory

Original release date: October 17, 2014

Drupal has released a security advisory to address an application program interface (API) vulnerability (CVE-2014-3704) that could allow an attacker to execute arbitrary SQL commands on an affected system. This vulnerability affects all Drupal core 7.x versions prior to 7.32. US-CERT advises users and administrators review Drupal’s Security Advisory and apply the necessary update or patch.

Ebola Phishing Scams and Malware Campaigns

Original release date: October 16, 2014

US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system

OpenSSL Patches Four Vulnerabilities

Original release date: October 16, 2014

OpenSSL has released updates patching four vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or execute man-in-the-middle attacks. The following updates are available:

- OpenSSL 1.0.1 users should upgrade to 1.0.1j
- OpenSSL 1.0.0 users should upgrade to 1.0.0o
- OpenSSL 0.9.8 users should upgrade to 0.9.8zc

US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability, (Thu, Oct 16th)

Advisory ID: cisco-sa-20141015-poodle
Revision 1.0
For Public Release 2014 October 15 17:30 UTC (GMT)

Summary

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication

Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software, (Wed, Oct 15th)

Advisory ID: cisco-sa-20141015-vcs

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software include the following vulnerabilities:

- Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
- Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
- Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability

Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.