Original release date: April 29, 2015
Systems Affected
Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL.
Overview
Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of...
Original release date: October 17, 2014
Systems Affected
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...
This website is not affected by the exploit in any way.
Further information:
Last night news about a remote OpenSSL bug was disclosed on http://heartbleed.com/ which detailed out an exploit in the OpenSSL system library that handles HTTPS connections on your server. This bug impacts CentOS 6.x...
Original release date: April 08, 2014
Systems Affected
OpenSSL 1.0.1 through 1.0.1f
OpenSSL 1.0.2-beta
Overview
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory...
credentials
cve-2014-0160
data exposure
exploit
heartbleed
impact
key material
memory
mitigation
openssl
patch
perfect forward secrecy
public access
public disclosure
revision history
security
security flaw
system administrators
tls
vulnerability
Greetings! A new list of internal changes is now available for November 2013. Most of these changes are "under the hood" internal upgrades.
PHP updated to 5.4.21
Core:
Fixed bug #65322 (compile time errors won't trigger auto loading).
CLI server:
Fixed bug #65633 (built-in server treat some...
Hi,
I couldn't get OCSP revocation check to work on Windows 7. I installed my self-signed Root and Intermediate certificates (generated using openssl 0.9.8) on my Windows 7 machine. I then go to Internet Explorer and type in the https://....com:4440. The port sends back a leaf certificate...