Vulnerability in TLS Protocol during Renegotiation [CVE-2009-3555]

Exploits:

font size: decrease font size increase font size
Rate this article
View Comments
Related content

A security vulnerability in the TLS protocol (TLS 1.0 or later and SSLv3) may allow an unauthenticated, remote attacker to conduct man-in-the-middle (MITM) type of attacks where chosen plain text may be injected as a prefix in an user's TLS session. This vulnerability does not allow one to decrypt the intercepted network communication. This issue is referenced in CVE-2009-3555 Exact nature of the impact depends on the application making use of the TLS facility. Applications which use Network Security Services ...

A security vulnerability in the TLS protocol (TLS 1.0 or later and SSLv3) may allow an unauthenticated, remote attacker to conduct man-in-the-middle (MITM) type of attacks where chosen plain text may be injected as a prefix in an user's TLS session. This vulnerability does not allow one to decrypt the intercepted network communication.

This issue is referenced in CVE-2009-3555

Exact nature of the impact depends on the application making use of the TLS facility. Applications which use Network Security Services (NSS), Java Secure Socket Extensions (JSSE), OpenSSL or GnuTLS libraries may be affected.

Sun is evaluating the impact of the issue on various products which make use of the TLS libraries. We are working to fix the TLS implementations according to the TLS protocol standard extensions currently being developed.

Read Full Article

Written on Thursday, 05 November 2009 14:31 by

Viewed 337 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking News Network Security & Hacking News / Subscribe to the RSS feed of Global Security News Global Security News

Like this? Let your friends know now!

Rate this article

Latest articles from

Vuln: eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability posted on Friday, 20 November 2009 11:00
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
Fly for $1 or Your Money Back! posted on Friday, 20 November 2009 12:07
It is the time of year to get together with family and friends, and that…
U.S. Reviews Air Defenses to Thwart Terror From Skies posted on Friday, 20 November 2009 12:38
I'm not sure how one can ever place a price tag on preventing another 9/11or…
Las Vegas Urges Officials To Cancel Mock Nuclear Blast posted on Friday, 20 November 2009 12:47
The Las Vegas Convention and Visitors Authority is asking the Department of Homeland Security to…
Americans Expect Islamic Terror Strike Within 6 Months posted on Friday, 20 November 2009 12:53
According to a new poll, two-thirds of Americans expect an Islamic suicide bomb attack on…

Latest 'tweets' from GovernmentSecurity

News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38

blog comments powered by Disqus

back to top