ASA-2019-00534 – Exim: Buffer overflow by sending a SNI ending in a backslash-null sequence during the initial TLS handshake

The SMTP Delivery process in all versions up to and  including Exim 4.92.1 has a Buffer Overflow. In the default runtime configuration, this is exploitable with crafted Server Name Indication (SNI) data during a TLS negotiation. In other configurations, it is exploitable with a crafted client TLS certificate. A local or remote attacker can execute programs with root privileges. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake.

ASA-2019-00254 – IBM Planning Analytics: OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption

A vulnerability related to the Java SE Embedded JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information.

ASA-2018-00011 – Squid: Cross-Site Scripting issue in TLS error processing

Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors. Several fields of X.509 certificates can contain HTML syntax and were not being correctly quoted/encoded before inserting into HTML error pages generated by the proxy. This issue allows an attacker to craft a X.509 certificate that both triggers an error and alters how that error is displayed by a client such as a Browser.