RSA BSAFE SSL-J Lets Remote Users Bypass Fingerprint Based Certificate Restrictions on the Target System : 8/18/2015 3:28:06 AM

This eBook shows you how common web marketing tactics map to their mobile counterparts, including a "this = that" chart of web to app equivalents.
From our sponsors
 

 

Vulnerability Databse
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

RSA BSAFE SSL-J Lets Remote Users Bypass Fingerprint Based Certificate Restrictions on the Target System
8/18/2015 12:00:00 AM

RSA BSAFE SSL-J Lets Remote Users Bypass Fingerprint Based Certificate Restrictions on the Target System
SecurityTracker Alert ID:  1033297
SecurityTracker URL:  http://securitytracker.com/id/1033297
CVE Reference:   CVE-2015-0534   (Links to External Site)
Date:  Aug 18 2015
Impact:   Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.2
Description:   A vulnerability was reported in RSA BSAFE SSL-J. A remote user can bypass security controls on the target system.

A remote user can modify certificate fingerprints and include specially crafted data within the unsigned portion of a certificate to bypass fingerprint-based certificate blacklist security controls on the target system.

Impact:   A remote user can bypass fingerprint-based certificate blacklist security controls on the target system.
Solution:   The vendor has issued a fix (Advisory ESA-2015-081; version 6.2).
Vendor URL:  www.rsa.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

Diberdayakan oleh Blogger.