|
|
|
|
| |
Credit:
The original article can be found at: http://www.securityfocus.com/bid/36935
The original article can be found at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
| |
Vulnerable Systems:
* Oracle Security Service 10.1.0.5,
* Oracle Security Service 10.2.0.3,
* Oracle Security Service 10.2.0.4,
* Oracle Security Service 10.2.0.5,
* Oracle Security Service 11.1.0.7,
* Oracle Security Service 11.2.0.1,
* Oracle Security Service 11.2.0.2
Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
Vendor Status:
Oracle as issued an update for this vulnerablity
Patch Availability:
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
CVE Information:
CVE-2009-3555
Disclosure Timeline:
2011-April-28 Rev 4. Fixed note for CVE-2010-4452; Modified CVSS scores and added notes for CVE-2011-0794 and CVE-2011-0808
2011-April-25 Rev 3. Fixed version number for CVE-2011-0860
2011-April-20 Rev 2. Modified CVSS score of CVE-2011-0856
2011-April-19 Rev 1. Initial Release
|
|
|
|
|
