Published: 2010-09-12T03:51+00:00 Last Updated: 2010-09-12T03:51+00:00

JVNTR-2010-22
SSL and TLS protocols renegotiation vulnerability (CVE-2009-3555, MS10-049, VU#120541)

Overview

A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.

Event Information

Date (UTC)	Description
2010-08-11 02:32	JPCERT/CC JPCERT-AT-2010-0020: August 2010 Microsoft Security Bulletin (including eight critical patches) Public notification for "Microsoft Security Bulletin Summary for Auguest 2010"
2010-08-10 19:22	US-CERT TA10-222A: Microsoft Updates for Multiple Vulnerabilities Technical Cyber Security Alert publised via US-CERT Mailing List. Public notification for "Microsoft Security Bulletin Summary for August 2010"
2010-08-10 17:53	Microsoft MS10-049: Microsoft Security Bulletin Summary for August 2010 Security Update (MS10-049) released.
2010-07-30 17:55	Microsoft ms10-aug: Microsoft Security Bulletin Advance Notification for August 2010 Advance notification for Security Update.
2010-03-30	Mozilla Foundation MFSA 2010-22: Update NSS to support TLS renegotiation indication Security Update (MFSA 2010-22) released.: Firefox 3.6.2/3.5.9, Thunderbird 3.0.4
2010-02-25 18:24	OpenSSL OpenSSL Security Advisory [11-Nov-2009]: OpenSSL 0.9.8m is now available, including important bug and security fixes OpenSSL 0.9.8m (Support for RFC5746 TLS renegotiation extension.) released.
2010-02-13	IETF draft-ietf-tls-renegotiation-03.txt: RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension
2010-02-09 20:04	Microsoft Microsoft Security Advisory (977377): Vulnerability in TLS/SSL Could Allow Spoofing Security Advisory (977377) published.
2010-01-04	IETF draft-ietf-tls-renegotiation-03.txt: Transport Layer Security (TLS) Renegotiation Indication Extension
2009-12-16	IETF draft-ietf-tls-renegotiation-02.txt: Transport Layer Security (TLS) Renegotiation Indication Extension
2009-11-26	IETF draft-ietf-tls-renegotiation-01.txt: Transport Layer Security (TLS) Renegotiation Indication Extension
2009-11-19	IETF draft-ietf-tls-renegotiation-00.txt: Transport Layer Security (TLS) Renegotiation Indication Extension
2009-11-11 15:50	OpenSSL OpenSSL Security Advisory [11-Nov-2009]: A potentially serious flaw in SSL and TLS has been worked around in OpenSSL 0.9.8l. OpenSSL 0.9.8l (Temporary work around for CVE-2009-3555: disable renegotiation.) released.
2009-11-06 23:01	US-CERT SSL and TLS Vulnerable to Man-in-the-middle Attacks US-CERT Current Activity Public notification for "Vulnerability within the SSL and TLS protocols".
2009-11-05 03:20	Authentication Gap in TLS Renegotiation Vulnerability proof-of-concept information posted to Web site.

Other Information

CVE	CVE-2009-3555