Maximilian Radoy

#10983of 53,635
25.1Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2025-5738
9.8
2025-02-05
Nginx · Nginx · CVE-2025-23419
**Name of the Vulnerable Software and Affected Versions** nginx versions 1.11.4 through 1.27.31 nginx version 1.26.3 nginx version 1.27.4 **Description** When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This issue arises when TLS Session Tickets and/or the SSL session cache are used in the default server and the default server is performing client certificate authentication. **Recommendations** For versions 1.11.4 through 1.27.31, update to version 1.26.3 or 1.27.4 to resolve the issue. For version 1.26.3, no further action is required as this version includes the fix. For version 1.27.4, no further action is required as this version includes the fix. As a temporary workaround, consider disabling the use of TLS Session Tickets and the SSL session cache in the default server until a patch is available.
PT-2025-29117
9.4
2024-11-25
Apache · Apache Http Server · CVE-2025-23048
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.35 through 2.4.63 Description: In certain mod ssl configurations, an access control bypass is possible for trusted clients using TLS 1.3 session resumption. This occurs when mod ssl is configured for multiple virtual hosts, each restricted to a different set of trusted client certificates, and `SSLStrictSNIVHostCheck` is not enabled in either virtual host. Recommendations: Apache HTTP Server versions 2.4.35 through 2.4.63: Enable `SSLStrictSNIVHostCheck` in all virtual host configurations.
PT-2022-22313
5.9
2022-09-20
Zyxel · Zyxel Gs1900 · CVE-2022-34746
**Name of the Vulnerable Software and Affected Versions** Zyxel GS1900 series firmware versions prior to V2.70 **Description** An insufficient entropy issue, caused by the improper use of randomness sources with low entropy for RSA key pair generation, affects the web administration interface. This could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate. **Recommendations** For Zyxel GS1900 series firmware versions prior to V2.70, update to version V2.70 or later to resolve the issue. As a temporary workaround, consider restricting access to the web administration interface until the update can be applied.