Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
References:
Bug 526689 - (CVE-2009-3555) SSL3 & TLS Renegotiation Vulnerability
(https://bugzilla.mozilla.org/show_bug.cgi?id=526689)
Version 6.1.5 - Release Note
(Innominate)
[syslog-ng-announce] syslog-ng Premium Edition 3.0.7a has been released
(BalaBit)
[syslog-ng-announce] syslog-ng Premium Edition 3.2.1b has been released
(BalaBit)
[TLS] MITM attack on delayed TLS-client auth through renegotiation
(Martin Rex)
1.2.3 Release Available!
(BSD Perimeter)
1.3.2 Release Notes
(ProFTPD Project)
Advisory: TLS protocol vulnerable to Man In The Middle attack
(Opera Software)
AIX OpenSSL session renegotiation vulnerability
(IBM)
Are DataPower appliances affected by the SSL Man-in-the-Middle attack (CVE-2009-
(IBM)
Authentication Gap in TLS Renegotiation
(Extended Subset)
ChangeLog
(OpenSSL Project)
Changes with Apache 2.2.15
(Apache)
Critical updates for IBM WebSphere DataPower SOA appliances
(IBM)
December 21, 2010 - Multiple SSL/TLS vulnerabilities in Reporter
(Blue Coat Systems)
HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorize
(HP)
HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary
(HP)
IBM - Fixes contained in Java SDK 5.0 Service Refresh 11 Fix Packs
(IBM)
IBM Java Security alerts
(IBM)
II14533 - TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION VULNERABILITY
(IBM)
MatrixSSL 1.8.8 Release Protocol Security Updates
(MatrixSSL)
MatrixSSL Homepage
(MatrixSSL)
MS81: WebSphere MQ internet pass-thru
(IBM)
Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16
(chandan)
Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16
(Oracle)
My take on the SSL MITM Attacks – part 3 – the FTPS attacks
(Alun Jones)
NSS 3.12.5 release notes
(Mozilla)
OpenBSD 4.5 errata
(OpenBSD)
OpenBSD 4.6 errata
(OpenBSD)
OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd
(OpenOffice)
OpenVPN 2.1_rc21 released
(James Yonan)
Opera 10.50 (with Opera Widgets for Desktop) for Windows changelog (Final)
(Opera)
Opera 10.50 alpha version testing fix for TLS Renegotiation Security Problem.
(Opera Software)
PK96157: SHIP APAR FIXES FOR H28W601 FIX PACK 6.0.2.39. 09/09/14 PTF PECHANGE
(IBM)
PM10658: IBM HTTP SERVER 2.0.47 CUMULATIVE INTERIM FIX
(IBM)
PM12247: SHIP APAR FIXES FOR H28W610 FIX PACK 6.1.0
(IBM)
Re: [TLS] MITM attack on delayed TLS-client auth through renegotiation
(Marsh Ray)
Re: TLS renegotiation MITM
(GNU)
Redirecting and modifying SMTP mail with TLS session renegotiation attacks
(Wietse Venema)
Release Notes for SSH Tectia Guardian 2.0.2b and Audit Player 2.0.13
(SSH Communication Security)
Release notice for Ingate Firewall 4.8.1 and Ingate SIParator 4.8.1
(Ingate)
RFC 5746 - Transport Layer Security (TLS) Renegotiation Indication Extension
(IETF)
TLS renegotiation vulnerability (CVE-2009-3555)
(Anil Kurmus)
tls-ssl-proof-of-concept.html
(G-SEC)
TLS/SSLv3 renegotiation (CVE-2009-3555)
(Blue Coat Systems)
Version 5.1.6 - Release Notes
(Innominate)
Version 7.2.1 - Release Note
(Innominate)
VMSA-2010-0015 VMware ESX third party updates for Service Console
(VMware)
Vulnerability in TLS Protocol during Renegotiation [CVE-2009-3555]
(Sun)
Zeus Web Server 4.3 Release Notes
(Zeus Technologies)
[security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote
(security-alert@hp.com)
FreeBSD Security Advisory FreeBSD-SA-09:15.ssl
(FreeBSD Security Advisories)
TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
(Thierry Zoller)
TLS / SSLv3 vulnerability explained (DRAFT)
(Thierry Zoller)
1415080 Transport Layer Security (TLS) handshake renegotiation weak security CVE
(IBM)
1432298 Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, a
(IBM)
273350 Security Vulnerability in the Transport Layer Security (TLS) and Secure S
(Sun)
274990 Security Vulnerability in the Transport Layer Security (TLS) and Secure S
(Sun)
4025312 IBM HTTP Server interim fix for PM00675
(IBM)
4025718 PM04483: CVE-2009-3555: TLS/SSL PROTOCOL VULNERABILITY FOR WSAS SDK 1.5
(IBM)
4025719 PM04482: CVE-2009-3555: TLS/SSL PROTOCOL VULNERABILITY FOR WSAS SDK 1.5
(IBM)
AID-020810: TLS Protocol Session Renegotiation Security Vulnerability
(Aruba Networks)
An OpenSource VooDoo cIRCle - security advisory 20091112-01
(VooDoo cIRCle)
ASA-2009-537 httpd security update (RHSA-2009-1579)
(Avaya)
ASA-2009-576
(Avaya)
ASA-2009-593 Security Vulnerability in the Transport Layer Security (TLS) and Se
(Avaya)
ASA-2010-082 openssl097a security update (RHSA-2010-0164)
(Avaya)
ASA-2010-088 java-1.6.0-openjdk security update (RHSA-2010-0339)
(Avaya)
ASA-2010-111 openssl security update (RHSA-2010-0163)
(Avaya)
ASA-2010-118 gnutls security update (RHSA-2010-0166)
(Avaya)
ASA-2010-119 nss security update (RHSA-2010-0165)
(Avaya)
ASA-2010-134 openssl security update
(Avaya)
ASA-2010-171 HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution
(Avaya)
ASA-2010-205 MS10-049 Vulnerabilities in SChannel Could Allow Remote Code Execut
(Avaya)
ASA-2010-307 java-1.6.0-sun security update (RHSA-2010-0770)
(Avaya)
ASA-2010-308 java-1.6.0-openjdk security and bug fix update (RHSA-2010-0768)
(Avaya)
Avaya Security Advisory ASA-2010-105
(Avaya)
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
(Cisco)
HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SS
(HP)
HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and
(HP)
HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary
(HP)
HS10-030
(Hitachi)
IC65922: SECURITY: BUFFER OVERRUN IN REPEAT UDF
(IBM)
IC69118: DB2 9.7 FIXPACK 2 REQUIRED FOR SECURITY FIXES
(IBM)
Microsoft Security Advisory (977377) Vulnerability in TLS/SSL Could Allow Spoofi
(Microsoft)
Microsoft Security Bulletin MS10-049
(Microsoft)
Mozilla Foundation Security Advisory 2010-22
(Mozilla)
OpenSSL vulnerability CVE-2009-3555 with Access Manager
(Novell)
Oracle Critical Patch Update Advisory - April 2011
(Oracle)
Oracle Critical Patch Update Advisory - July 2010
(Oracle)
Oracle Critical Patch Update Advisory - October 2010
(Oracle)
Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010
(Oracle)
Oracle Java SE and Java for Business Critical Patch Update Advisory - October 20
(Oracle)
RHSA-2010:0119 JBoss Enterprise Web Server 1.0.1 update
(Red Hat)
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets
(Sun)
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets
(Sun)
September 13, 2011 - Director multiple Apache vulnerabilities
(Blue Coat)
SOL10737: SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
(F5 Networks)
Transport Layer Security Renegotiation Vulnerability
(Citrix)
Vulnerabilities in Apache Tomcat implementation impact BlackBerry Enterprise Ser
(Research In Motion)
Vulnerability Note VU#120541 SSL and TLS protocols renegotiation vulnerability
(US-CERT)
Copyright 2010, SecurityFocus