165 items tagged "tls"
-
-
11:22
»
Packet Storm Security Recent Files
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
-
-
21:38
»
SecDocs
Authors: Jesse Burns, Peter Eckersley
Tags: X.509, SSL
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The EFF SSL Observatory has collected a dataset of all TLS/HTTPS certificates visible on the public web. We discuss this dataset - what we have learned from it, how you can use it, and how we intend to offer a live, continually updated version of it. TLS/SSL is only as good as your mechanism for verifying the other party, and it turns out that with HTTPS and other CA-certified applications of TLS, that mechanism involves trusting a lot of governments, companies and individuals. The SSL Observatory is a project to bring more transparency to SSL Certificate Authorities, and help understand who really controls the web's cryptographic authentication infrastructure. The Observatory is an Electronic Frontier Foundation (EFF) project that began by surveying port 443 of all public IPv4 space. At Defcon 2010, we reported the initial findings of the SSL Observatory. That included thousands of valid 'localhost' certificates, certificates with weak keys, CA certs sharing keys and with suspicious expiration dates, and the fact that there are approximately 650 organisations that can sign a certificate for any domain that will be trusted by modern desktop browsers, including some that you might regard as untrustworthy. In this talk we will give an update on new developments in the project, including where to find a copy of our data and how to work with it for your own research; the progress made at fixing some of the vulnerabilities we found; and our design for a new, decentralised version of the SSL Observatory.
-
-
18:31
»
Packet Storm Security Advisories
Ubuntu Security Notice 1418-1 - Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. Various other issues were also addressed.
-
-
19:06
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
-
19:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
-
-
7:22
»
Packet Storm Security Recent Files
This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines have grown since the early days when Netscape developed SSL2.0. The introduction of TLS made matters more challenging, as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult, especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated, browsers may not use all functionality offered by the SSL stack; this report will only list functionality used by current browsers. This report provides an overview of the currently available TLS options across servers and clients and allows you to offer support for a wide variety of browsers and offer "good enough" security.
-
-
6:53
»
Packet Storm Security Advisories
Asterisk Project Security Advisory - The Asterisk TCP/TLS server suffers from a denial of service vulnerability. Versions 1.6.1.x, 1.6.2.x, and 1.8.x are all affected.
-
-
16:30
»
Packet Storm Security Advisories
A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. All versions of OpenSSL supporting TLS extensions contain this vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are NOT affected. In particular the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.
-
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 990-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 990-2 - USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
-
-
13:36
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
12:03
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-6 - USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
12:03
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-7 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
-
21:05
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-4 - USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
21:05
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-5 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
-
17:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-089 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.
-
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-3 - USN-927-1 fixed vulnerabilities in NSS. Due to upstream changes in NSS 3.12.6, Thunderbird would be unable to initialize the security component and connect with SSL/TLS if the old libnss3-0d transition package was installed. This update fixes the problem. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
-
22:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it.
-
-
19:01
»
Packet Storm Security Tools
Harden SSL/TLS hardens the default SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, 7. It allows you to remotely set SSL/TLS policies allowing or denying certain ciphers/hashes or complete ciphersuites.