You can rely on OVAL interpreter using these definitions
oval:org.mitre.oval:def:8366, HP-UX Running Apache, Remote Unauthorized
Data Injection, Denial of Service (DoS)
oval:org.mitre.oval:def:8535, HP-UX Running OpenSSL, Remote Unauthorized
Data Injection, Denial of Service (DoS)
oval:org.mitre.oval:def:7973, Security Vulnerability in the Transport
Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects Applications Utilizing Network
Security Services (NSS)
oval:org.mitre.oval:def:11578, Security Vulnerability in the Transport
Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects OpenSSL
oval:org.mitre.oval:def:10088, The TLS protocol, and the SSL protocol 3.0
and possibly earlier, as used in Microsoft Internet Information Services
(IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL
before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security
oval:org.mitre.oval:def:7315, TLS/SSL Renegotiation Vulnerability
See here the complete mapping
http://www.security-database.com/detail.php?alert=CVE-2009-3555
Kind Regards
Nabil
www.twitter.com/toolswatch
> Any recommendations for a tool to test this?
>
> Thanks,
> Richard
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
You can rely on OVAL interpreter using these definitions
oval:org.mitre.oval:def:8366, HP-UX Running Apache, Remote Unauthorized
Data Injection, Denial of Service (DoS)
oval:org.mitre.oval:def:8535, HP-UX Running OpenSSL, Remote Unauthorized
Data Injection, Denial of Service (DoS)
oval:org.mitre.oval:def:7973, Security Vulnerability in the Transport
Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects Applications Utilizing Network
Security Services (NSS)
oval:org.mitre.oval:def:11578, Security Vulnerability in the Transport
Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects OpenSSL
oval:org.mitre.oval:def:10088, The TLS protocol, and the SSL protocol 3.0
and possibly earlier, as used in Microsoft Internet Information Services
(IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL
before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security
oval:org.mitre.oval:def:7315, TLS/SSL Renegotiation Vulnerability
See here the complete mapping
http://www.security-database.com/detail.php?alert=CVE-2009-3555
Kind Regards
Nabil
www.twitter.com/toolswatch
> Any recommendations for a tool to test this?
>
> Thanks,
> Richard
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]