csaf_redhat - rhsa-2010

rhsa-2010_0164

Vulnerability from csaf_redhat

Published

2010-03-25 09:20

Modified

2024-11-05 17:14

Summary

Red Hat Security Advisory: openssl097a security update

Notes

Topic

Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about this flaw: http://kbase.redhat.com/faq/docs/DOC-20491 All openssl097a users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the openssl097a library must be restarted, or the system rebooted.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openssl097a packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client\u0027s\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker\u0027s request as if authenticated using the\nvictim\u0027s credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to take\neffect, all services linked to the openssl097a library must be restarted,\nor the system rebooted.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0164",
        "url": "https://access.redhat.com/errata/RHSA-2010:0164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/docs/DOC-20491",
        "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
      },
      {
        "category": "external",
        "summary": "http://kbase.redhat.com/faq/docs/DOC-26039",
        "url": "http://kbase.redhat.com/faq/docs/DOC-26039"
      },
      {
        "category": "external",
        "summary": "533125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0164.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl097a security update",
    "tracking": {
      "current_release_date": "2024-11-05T17:14:43+00:00",
      "generator": {
        "date": "2024-11-05T17:14:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2010:0164",
      "initial_release_date": "2010-03-25T09:20:00+00:00",
      "revision_history": [
        {
          "date": "2010-03-25T09:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-03-25T05:20:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T17:14:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.i386",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.i386",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.src",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.src",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.ia64",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.ia64",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390x",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390x",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
                "product": {
                  "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
                  "product_id": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a-debuginfo@0.9.7a-9.el5_4.2?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390",
                "product": {
                  "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390",
                  "product_id": "openssl097a-0:0.9.7a-9.el5_4.2.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl097a@0.9.7a-9.el5_4.2?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.i386"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ia64"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc64"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.s390",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390x"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.src"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-0:0.9.7a-9.el5_4.2.x86_64"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.i386"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ia64"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc64"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.s390",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390x"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.src"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-0:0.9.7a-9.el5_4.2.x86_64"
        },
        "product_reference": "openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64"
        },
        "product_reference": "openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3555",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "discovery_date": "2009-10-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "533125"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "TLS: MITM attacks via session renegotiation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.i386",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ia64",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390x",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.src",
          "5Client:openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
          "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.i386",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ia64",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390x",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.src",
          "5Server:openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
          "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3555"
        },
        {
          "category": "external",
          "summary": "RHBZ#533125",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555"
        }
      ],
      "release_date": "2009-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-03-25T09:20:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.i386",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ia64",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390x",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.src",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.i386",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ia64",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390x",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.src",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0164"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.i386",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ia64",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.s390x",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.src",
            "5Client:openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
            "5Client:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.i386",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ia64",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.ppc64",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.s390x",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.src",
            "5Server:openssl097a-0:0.9.7a-9.el5_4.2.x86_64",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.i386",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ia64",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.ppc64",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.s390x",
            "5Server:openssl097a-debuginfo-0:0.9.7a-9.el5_4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "TLS: MITM attacks via session renegotiation"
    }
  ]
}

cve-2009-3555

Vulnerability from cvelistv5

Published

2009-11-09 17:00

Modified

2024-08-07 06:31

Severity ?

Summary

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

▼	URL	Tags
	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.securitytracker.com/id?1023427	vdb-entry, x_refsource_SECTRACK
	http://support.avaya.com/css/P8/documents/100081611	x_refsource_CONFIRM
	http://osvdb.org/62210	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/37640	third-party-advisory, x_refsource_SECUNIA
	http://www.arubanetworks.com/support/alerts/aid-020810.txt	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0916	vdb-entry, x_refsource_VUPEN
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0167.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/2010	vdb-entry, x_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/0086	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1673	vdb-entry, x_refsource_VUPEN
	http://www.ietf.org/mail-archive/web/tls/current/msg03948.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/37656	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/39628	third-party-advisory, x_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42724	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/3310	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2009/3205	vdb-entry, x_refsource_VUPEN
	http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during	x_refsource_CONFIRM
	http://secunia.com/advisories/39461	third-party-advisory, x_refsource_SECUNIA
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://www.ingate.com/Relnote.php?ver=481	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023204	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/40866	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	third-party-advisory, x_refsource_CERT
	http://www.securitytracker.com/id?1023211	vdb-entry, x_refsource_SECTRACK
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/39317	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023212	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/39127	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/40545	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3069	vdb-entry, x_refsource_VUPEN
	http://openbsd.org/errata45.html#010_openssl	vendor-advisory, x_refsource_OPENBSD
	http://www.securitytracker.com/id?1023210	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id?1023270	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/40070	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023273	vdb-entry, x_refsource_SECTRACK
	http://kbase.redhat.com/faq/docs/DOC-20491	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-927-5	vendor-advisory, x_refsource_UBUNTU
	http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247	vendor-advisory, x_refsource_AIXAPAR
	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:089	vendor-advisory, x_refsource_MANDRIVA
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://www.openssl.org/news/secadv_20091111.txt	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023275	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3253	vendor-advisory, x_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2009/3484	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1023207	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/37859	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=142660345230545&w=2	vendor-advisory, x_refsource_HP
	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1	vendor-advisory, x_refsource_SUNALERT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/0848	vdb-entry, x_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2009/11/07/3	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/39819	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055	vendor-advisory, x_refsource_AIXAPAR
	http://www.links.org/?p=786	x_refsource_MISC
	http://osvdb.org/60521	vdb-entry, x_refsource_OSVDB
	http://www.openwall.com/lists/oss-security/2009/11/23/10	mailing-list, x_refsource_MLIST
	http://www.kb.cert.org/vuls/id/120541	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id?1023217	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/3353	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/39136	third-party-advisory, x_refsource_SECUNIA
	http://www.openoffice.org/security/cves/CVE-2009-3555.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0032	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1023148	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/36935	vdb-entry, x_refsource_BID
	http://www.tombom.co.uk/blog/?p=85	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=130497311408250&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2010/1107	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1023218	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2010/1350	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2010-0338.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/42379	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	vendor-advisory, x_refsource_FEDORA
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml	vendor-advisory, x_refsource_CISCO
	http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848	vendor-advisory, x_refsource_AIXAPAR
	http://www.securitytracker.com/id?1023213	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/1793	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617	vdb-entry, signature, x_refsource_OVAL
	http://extendedsubset.com/?p=8	x_refsource_MISC
	http://secunia.com/advisories/37292	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/522176	vendor-advisory, x_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilities/54158	vdb-entry, x_refsource_XF
	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	vendor-advisory, x_refsource_APPLE
	http://secunia.com/advisories/39278	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023205	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0130.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=142660345230545&w=2	vendor-advisory, x_refsource_HP
	http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4004	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023215	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id?1023206	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200912-01.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=127419602507642&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3313	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1	vendor-advisory, x_refsource_SUNALERT
	http://www.securitytracker.com/id?1023208	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/43308	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023214	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/38781	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=127419602507642&w=2	vendor-advisory, x_refsource_HP
	http://www.debian.org/security/2009/dsa-1934	vendor-advisory, x_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	vendor-advisory, x_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478	vdb-entry, signature, x_refsource_OVAL
	http://www.securitytracker.com/id?1023271	vdb-entry, x_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://marc.info/?l=cryptography&m=125752275331877&w=2	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/42467	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/508130/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315	vdb-entry, signature, x_refsource_OVAL
	http://www.securitytracker.com/id?1023224	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-927-4	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/41490	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/508075/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1023243	vdb-entry, x_refsource_SECTRACK
	http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html	x_refsource_MISC
	http://secunia.com/advisories/37504	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023219	vdb-entry, x_refsource_SECTRACK
	http://sysoev.ru/nginx/patch.cve-2009-3555.txt	x_refsource_CONFIRM
	http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html	x_refsource_MISC
	http://www.securitytracker.com/id?1023163	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=132077688910227&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3521	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973	vdb-entry, signature, x_refsource_OVAL
	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995	vendor-advisory, x_refsource_HP
	http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=533125	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/44183	third-party-advisory, x_refsource_SECUNIA
	http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES	x_refsource_CONFIRM
	http://secunia.com/advisories/42808	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/39500	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578	vdb-entry, signature, x_refsource_OVAL
	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/3220	vdb-entry, x_refsource_VUPEN
	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=127557596201693&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0165.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/515055/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/show_bug.cgi?id=545755	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg21426108	x_refsource_CONFIRM
	http://blogs.iss.net/archive/sslmitmiscsrf.html	x_refsource_MISC
	http://www.securitytracker.com/id?1023411	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0339.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/3164	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37383	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.ietf.org/mail-archive/web/tls/current/msg03928.html	mailing-list, x_refsource_MLIST
	http://marc.info/?l=bugtraq&m=127557596201693&w=2	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100070150	x_refsource_CONFIRM
	http://secunia.com/advisories/40747	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=126150535619567&w=2	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/522176	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/39292	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42816	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054	vendor-advisory, x_refsource_AIXAPAR
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1	vendor-advisory, x_refsource_SUNALERT
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html	vendor-advisory, x_refsource_FEDORA
	http://www-01.ibm.com/support/docview.wss?uid=swg21432298	x_refsource_CONFIRM
	http://extendedsubset.com/Renegotiating_TLS.pdf	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg24025312	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg24006386	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4170	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/507952/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1023209	vdb-entry, x_refsource_SECTRACK
	http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only	vendor-advisory, x_refsource_AIXAPAR
	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=130497311408250&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/48577	third-party-advisory, x_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	vendor-advisory, x_refsource_SLACKWARE
	http://www.links.org/?p=789	x_refsource_MISC
	http://www.opera.com/docs/changelogs/unix/1060/	x_refsource_CONFIRM
	http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2009/11/06/3	mailing-list, x_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html	vendor-advisory, x_refsource_FEDORA
	http://wiki.rpath.com/Advisories:rPSA-2009-0155	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://support.citrix.com/article/CTX123359	x_refsource_CONFIRM
	http://secunia.com/advisories/37501	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:076	vendor-advisory, x_refsource_MANDRIVA
	http://marc.info/?l=bugtraq&m=127128920008563&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3587	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/39632	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=126150535619567&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/38687	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.mozilla.org/show_bug.cgi?id=526689	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049	vendor-advisory, x_refsource_MS
	http://www.vupen.com/english/advisories/2010/0982	vdb-entry, x_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/37399	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-927-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id?1023272	vdb-entry, x_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/3126	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37320	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/3165	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1639	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/38020	third-party-advisory, x_refsource_SECUNIA
	http://ubuntu.com/usn/usn-923-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/39243	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/37453	third-party-advisory, x_refsource_SECUNIA
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0933	vdb-entry, x_refsource_VUPEN
	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995	vendor-advisory, x_refsource_HP
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2011/dsa-2141	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id?1024789	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0155.html	vendor-advisory, x_refsource_REDHAT
	http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0033	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2010-0337.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1023216	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/41480	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0086	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/41818	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/37604	third-party-advisory, x_refsource_SECUNIA
	http://www.opera.com/support/search/view/944/	x_refsource_CONFIRM
	http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.us-cert.gov/cas/techalerts/TA10-287A.html	third-party-advisory, x_refsource_CERT
	http://www.links.org/?p=780	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2010-0119.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/38056	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0748	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37675	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535	vdb-entry, signature, x_refsource_OVAL
	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=127128920008563&w=2	vendor-advisory, x_refsource_HP
	http://www.vmware.com/security/advisories/VMSA-2010-0019.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt	x_refsource_MISC
	http://secunia.com/advisories/38003	third-party-advisory, x_refsource_SECUNIA
	http://support.apple.com/kb/HT4171	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023428	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=132077688910227&w=2	vendor-advisory, x_refsource_HP
	http://www.openwall.com/lists/oss-security/2009/11/20/1	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2009/3354	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1023274	vdb-entry, x_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/39242	third-party-advisory, x_refsource_SECUNIA
	https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
	http://secunia.com/advisories/38241	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-201203-22.xml	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2009/11/05/3	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://osvdb.org/60972	vdb-entry, x_refsource_OSVDB
	http://www.securitytracker.com/id?1023426	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/38484	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	vendor-advisory, x_refsource_MANDRIVA
	http://www.betanews.com/article/1257452450	x_refsource_MISC
	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1	vendor-advisory, x_refsource_SUNALERT
	http://www.mozilla.org/security/announce/2010/mfsa2010-22.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://openbsd.org/errata46.html#004_openssl	vendor-advisory, x_refsource_OPENBSD
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/1191	vdb-entry, x_refsource_VUPEN
	http://seclists.org/fulldisclosure/2009/Nov/139	mailing-list, x_refsource_FULLDISC
	https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2009/11/05/5	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/39713	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42733	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/37291	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1	vendor-advisory, x_refsource_SUNALERT
	http://www.vupen.com/english/advisories/2010/0994	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/0173	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1054	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/65202	vdb-entry, x_refsource_OSVDB
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041	vendor-advisory, x_refsource_HP
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA
	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html	mailing-list, x_refsource_MLIST
	http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html	mailing-list, x_refsource_BUGTRAQ
	http://clicky.me/tlsvuln	x_refsource_MISC
	http://secunia.com/advisories/42811	third-party-advisory, x_refsource_SECUNIA
	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website