Количество 20
Количество 20
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-3618
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, expl ...
SUSE-SU-2022:4266-1
Security update for nginx
SUSE-SU-2022:4265-1
Security update for nginx
SUSE-SU-2022:4201-1
Security update for nginx
SUSE-SU-2022:4192-1
Security update for nginx
SUSE-SU-2022:3888-1
Security update for vsftpd
SUSE-SU-2022:3458-1
Security update for vsftpd
SUSE-SU-2022:3457-1
Security update for vsftpd
SUSE-SU-2022:3383-1
Security update for vsftpd
SUSE-SU-2022:3320-1
Security update for vsftpd
SUSE-RU-2022:0655-1
Recommended update for vsftpd
ROS-20220125-08
Уязвимость агента передачи почты Sendmail
ROS-20220125-02
Уязвимость веб-сервера Nginx
ROS-20220112-03
Уязвимость FTP-сервера vsftpd
GHSA-r9r5-jxp7-whr4
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
BDU:2022-00351
Уязвимость FTP-сервера vsftpd, связанная с отсутствием защиты передаваемых данных, позволяющая нарушителю выполнить атаку типа «человек посередине»
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | CVSS3: 7.4 | 0% Низкий | около 3 лет назад |
 | CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | CVSS3: 7.4 | 0% Низкий | около 4 лет назад |
 | CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | CVSS3: 7.4 | 0% Низкий | около 3 лет назад |
 | CVSS3: 7.4 | 0% Низкий | около 3 лет назад | |
| CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, expl ... | CVSS3: 7.4 | 0% Низкий | около 3 лет назад |
 | SUSE-SU-2022:4266-1 Security update for nginx | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:4265-1 Security update for nginx | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:4201-1 Security update for nginx | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:4192-1 Security update for nginx | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:3888-1 Security update for vsftpd | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:3458-1 Security update for vsftpd | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:3457-1 Security update for vsftpd | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:3383-1 Security update for vsftpd | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2022:3320-1 Security update for vsftpd | 0% Низкий | больше 2 лет назад | |
| SUSE-RU-2022:0655-1 Recommended update for vsftpd | 0% Низкий | около 3 лет назад | |
 | ROS-20220125-08 Уязвимость агента передачи почты Sendmail | 0% Низкий | больше 3 лет назад | |
| ROS-20220125-02 Уязвимость веб-сервера Nginx | 0% Низкий | больше 3 лет назад | |
| ROS-20220112-03 Уязвимость FTP-сервера vsftpd | 0% Низкий | больше 3 лет назад | |
| GHSA-r9r5-jxp7-whr4 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | CVSS3: 7.4 | 0% Низкий | около 3 лет назад |
 | BDU:2022-00351 Уязвимость FTP-сервера vsftpd, связанная с отсутствием защиты передаваемых данных, позволяющая нарушителю выполнить атаку типа «человек посередине» | CVSS3: 7.4 | почти 4 года назад |
Уязвимостей на страницу