H3C SSL VPN through allows wnm/login/login.json svpnlang cookie XSS.Īn issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0.
This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. Affected devices do not properly handle the renegotiation of SSL/TLS parameters. It is not part of wolfSSL's native API.Ī vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. Only servers that use wolfSSL_clear instead of the recommended SSL_free SSL_new sequence are affected. Note that this bug is only triggered when resuming sessions using TLS session resumption. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server.
This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. An issue was discovered in wolfSSL before 5.5.0.
0 kommentar(er)
