The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file that is executed as a privileged user.

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format.

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.

Mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.

A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.