Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22983
HistoryDec 22, 2009 - 12:00 a.m.

msgid:[email protected][email protected]&from=RedTeam%20Pentesting%20GmbH&folder=\\3APA3A\Bugtraq&subject=TLS%20Renegotiation%20Vulnerability:%20Proof

2009-12-2200:00:00
vulners.com
9
JSON

Information about a vulnerability in the TLS protocol was published in the
beginning of November 2009. Attackers can take advantage of that vulnerability
to inject arbitrary prefixes into a network connection protected by TLS. This
can result in severe vulnerabilities, depending on the application layer
protocol used over TLS.

RedTeam Pentesting used the Python module "TLS Lite" to develop proof of concept
code that exploits this vulnerability. It is published at

http://www.redteam-pentesting.de/publications/tls-renegotiation

to raise awareness for the vulnerability and its potential impact. Furthermore,
it shall give interested persons the opportunity to analyse applications
employing TLS for further vulnerabilities.

–
RedTeam Pentesting GmbH Tel.: +49 241 963-1300
Dennewartstr. 25-27 Fax : +49 241 963-1304
52068 Aachen http://www.redteam-pentesting.de/
Germany Registergericht: Aachen HRB 14004
GeschΓ€ftsfΓΌhrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck

JSON