Vulnerability & Exploit Database

TLS Session Renegotiation Vulnerability

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published: November 03, 2009
Added: January 21, 2010
Modified: February 06, 2018

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack.

References

Solution

http-openssl-0_9_8-upgrade-0_9_8_m

Related Vulnerabilities