SSL data injection
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
SSL data injection
updated since 09.11.2009
Published:
10.02.2010
Source:
BUGTRAQ
SecurityVulns ID:
10388
Type:
m-i-t-m
Level:
8
/10
Description:
Data injection possibility connected with SSL in-session renegotiation.
Affected:
OPENSSL
:
OpenSSL 0.9
PROFTPD
:
ProFTPD 1.3
APACHE
:
Apache 2.2
ARUBANETWORKS
:
ArubaOS 2.4
ARUBANETWORKS
:
ArubaOS 2.5
ARUBANETWORKS
:
ArubaOS 3.1
ARUBANETWORKS
:
ArubaOS 3.3
GNU
:
GnuTLS 2.8
ARUBANETWORKS
:
ArubaOS 3.4
MOZILLA
:
Mozilla Network Security Services 3.12
CVE:
CVE-2009-3555
Original document
ARUBANETWORKS
,
Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability
(
10.02.2010
)
RedTeam Pentesting
,
TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
(
22.12.2009
)
RedTeam Pentesting
,
msgid:20091221130346.GA23192@otis.atalante.redteam-pentesting.de?to=bugtraq@securityfocus.com&from=RedTeam%20Pentesting%20GmbH&folder=\\3APA3A\Bugtraq&subject=TLS%20Renegotiation%20Vulnerability:%20Proof
(
22.12.2009
)
MANDRIVA
,
[ MDVSA-2009:337 ] proftpd
(
22.12.2009
)
Thierry Zoller
,
TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
(
30.11.2009
)
Thierry Zoller
,
TLS / SSLv3 vulnerability explained (DRAFT)
(
18.11.2009
)
CISCO
,
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
(
11.11.2009
)
MANDRIVA
,
[ MDVSA-2009:295 ] apache
(
09.11.2009
)
Files:
PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
