Friday, September 24, 2010

Apache: TLS renegotiation vulnerability

Apache users, please be advised that a TLS renegotiation vulnerability has been identified.

For details of this and other vulnerabilities, along with possible remedies, see the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
USN-990-2: [USN-990-2] Apache TLS renegotiation vulnerability
advisory details:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.