Lucene search

Veracode Vulnerability DatabaseVERACODE:23818

HistoryApr 10, 2020 - 12:36 a.m.

Man-in-the-Middle (MitM)

2020-04-1000:36:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

69.4%

JSON

httpd is vulnerable to man-in-the-middle (MitM). The vulnerability exists as a flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client’s session (for example, an HTTPS connection to a website). This could force the server to process an attacker’s request as if authenticated using the victim’s credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation.

CPENameOperatorVersion
httpdeq2.2.3__85.el5_10
httpdeq2.2.3__45.el5_6.1
httpdeq2.2.3__91.el5
httpdeq2.2.3__22.el5_3.1
httpdeq2.2.3__11.el5_2.4
httpdeq2.2.3__31.el5_4.2
httpdeq2.2.13__3.el5s2
httpdeq2.2.3__22.el5_3.2
httpdeq2.2.3__63.el5
httpdeq2.2.4__9.el5s2

Name	Operator	Version
httpd	eq	2.2.3__85.el5_10
httpd	eq	2.2.3__45.el5_6.1
httpd	eq	2.2.3__91.el5
httpd	eq	2.2.3__22.el5_3.1
httpd	eq	2.2.3__11.el5_2.4
httpd	eq	2.2.3__31.el5_4.2
httpd	eq	2.2.13__3.el5s2
httpd	eq	2.2.3__22.el5_3.2
httpd	eq	2.2.3__63.el5
httpd	eq	2.2.4__9.el5s2

Rows per page:

1-10 of 2581

References

archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

blogs.iss.net/archive/sslmitmiscsrf.html

blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

clicky.me/tlsvuln

extendedsubset.com/?p=8

extendedsubset.com/Renegotiating_TLS.pdf

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041

itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

kbase.redhat.com/faq/docs/DOC-20491

lists.apple.com/archives/security-announce/2010//May/msg00001.html

lists.apple.com/archives/security-announce/2010//May/msg00002.html

lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html

lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

marc.info/?l=bugtraq&m=126150535619567&w=2

marc.info/?l=bugtraq&m=127128920008563&w=2

marc.info/?l=bugtraq&m=127419602507642&w=2

marc.info/?l=bugtraq&m=127557596201693&w=2

marc.info/?l=bugtraq&m=130497311408250&w=2

marc.info/?l=bugtraq&m=132077688910227&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=134254866602253&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

marc.info/?l=cryptography&m=125752275331877&w=2

openbsd.org/errata45.html#010_openssl

openbsd.org/errata46.html#004_openssl

osvdb.org/60521

osvdb.org/60972

osvdb.org/62210

osvdb.org/65202

seclists.org/fulldisclosure/2009/Nov/139

secunia.com/advisories/37291

secunia.com/advisories/37292

secunia.com/advisories/37320

secunia.com/advisories/37383

secunia.com/advisories/37399

secunia.com/advisories/37453

secunia.com/advisories/37501

secunia.com/advisories/37504

secunia.com/advisories/37604

secunia.com/advisories/37640

secunia.com/advisories/37656

secunia.com/advisories/37675

secunia.com/advisories/37859

secunia.com/advisories/38003

secunia.com/advisories/38020

secunia.com/advisories/38056

secunia.com/advisories/38241

secunia.com/advisories/38484

secunia.com/advisories/38687

secunia.com/advisories/38781

secunia.com/advisories/39127

secunia.com/advisories/39136

secunia.com/advisories/39242

secunia.com/advisories/39243

secunia.com/advisories/39278

secunia.com/advisories/39292

secunia.com/advisories/39317

secunia.com/advisories/39461

secunia.com/advisories/39500

secunia.com/advisories/39628

secunia.com/advisories/39632

secunia.com/advisories/39713

secunia.com/advisories/39819

secunia.com/advisories/40070

secunia.com/advisories/40545

secunia.com/advisories/40747

secunia.com/advisories/40866

secunia.com/advisories/41480

secunia.com/advisories/41490

secunia.com/advisories/41818

secunia.com/advisories/41967

secunia.com/advisories/41972

secunia.com/advisories/42377

secunia.com/advisories/42379

secunia.com/advisories/42467

secunia.com/advisories/42724

secunia.com/advisories/42733

secunia.com/advisories/42808

secunia.com/advisories/42811

secunia.com/advisories/42816

secunia.com/advisories/43308

secunia.com/advisories/44183

secunia.com/advisories/44954

secunia.com/advisories/48577

security.gentoo.org/glsa/glsa-200912-01.xml

security.gentoo.org/glsa/glsa-201203-22.xml

security.gentoo.org/glsa/glsa-201406-32.xml

securitytracker.com/id?1023148

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

support.apple.com/kb/HT4004

support.apple.com/kb/HT4170

support.apple.com/kb/HT4171

support.avaya.com/css/P8/documents/100070150

support.avaya.com/css/P8/documents/100081611

support.avaya.com/css/P8/documents/100114315

support.avaya.com/css/P8/documents/100114327

support.citrix.com/article/CTX123359

support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES

support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

sysoev.ru/nginx/patch.cve-2009-3555.txt

tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

ubuntu.com/usn/usn-923-1

wiki.rpath.com/Advisories:rPSA-2009-0155

www-01.ibm.com/support/docview.wss?uid=swg1IC67848

www-01.ibm.com/support/docview.wss?uid=swg1IC68054

www-01.ibm.com/support/docview.wss?uid=swg1IC68055

www-01.ibm.com/support/docview.wss?uid=swg1PM12247

www-01.ibm.com/support/docview.wss?uid=swg21426108

www-01.ibm.com/support/docview.wss?uid=swg21432298

www-01.ibm.com/support/docview.wss?uid=swg24006386

www-01.ibm.com/support/docview.wss?uid=swg24025312

www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only

www.arubanetworks.com/support/alerts/aid-020810.txt

www.betanews.com/article/1257452450

www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

www.debian.org/security/2009/dsa-1934

www.debian.org/security/2011/dsa-2141

www.debian.org/security/2015/dsa-3253

www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

www.ietf.org/mail-archive/web/tls/current/msg03928.html

www.ietf.org/mail-archive/web/tls/current/msg03948.html

www.ingate.com/Relnote.php?ver=481

www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

www.kb.cert.org/vuls/id/120541

www.links.org/?p=780

www.links.org/?p=786

www.links.org/?p=789

www.mandriva.com/security/advisories?name=MDVSA-2010:076

www.mandriva.com/security/advisories?name=MDVSA-2010:084

www.mandriva.com/security/advisories?name=MDVSA-2010:089

www.mozilla.org/security/announce/2010/mfsa2010-22.html

www.openoffice.org/security/cves/CVE-2009-3555.html

www.openssl.org/news/secadv_20091111.txt

www.openwall.com/lists/oss-security/2009/11/05/3

www.openwall.com/lists/oss-security/2009/11/05/5

www.openwall.com/lists/oss-security/2009/11/06/3

www.openwall.com/lists/oss-security/2009/11/07/3

www.openwall.com/lists/oss-security/2009/11/20/1

www.openwall.com/lists/oss-security/2009/11/23/10

www.opera.com/docs/changelogs/unix/1060/

www.opera.com/support/search/view/944/

www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2010-0119.html

www.redhat.com/support/errata/RHSA-2010-0130.html

www.redhat.com/support/errata/RHSA-2010-0155.html

www.redhat.com/support/errata/RHSA-2010-0165.html

www.redhat.com/support/errata/RHSA-2010-0167.html

www.redhat.com/support/errata/RHSA-2010-0337.html

www.redhat.com/support/errata/RHSA-2010-0338.html

www.redhat.com/support/errata/RHSA-2010-0339.html

www.redhat.com/support/errata/RHSA-2010-0768.html

www.redhat.com/support/errata/RHSA-2010-0770.html

www.redhat.com/support/errata/RHSA-2010-0786.html

www.redhat.com/support/errata/RHSA-2010-0807.html

www.redhat.com/support/errata/RHSA-2010-0865.html

www.redhat.com/support/errata/RHSA-2010-0986.html

www.redhat.com/support/errata/RHSA-2010-0987.html

www.redhat.com/support/errata/RHSA-2011-0880.html

www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

www.securityfocus.com/archive/1/507952/100/0/threaded

www.securityfocus.com/archive/1/508075/100/0/threaded

www.securityfocus.com/archive/1/508130/100/0/threaded

www.securityfocus.com/archive/1/515055/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/archive/1/522176

www.securityfocus.com/bid/36935

www.securitytracker.com/id?1023163

www.securitytracker.com/id?1023204

www.securitytracker.com/id?1023205

www.securitytracker.com/id?1023206

www.securitytracker.com/id?1023207

www.securitytracker.com/id?1023208

www.securitytracker.com/id?1023209

www.securitytracker.com/id?1023210

www.securitytracker.com/id?1023211

www.securitytracker.com/id?1023212

www.securitytracker.com/id?1023213

www.securitytracker.com/id?1023214

www.securitytracker.com/id?1023215

www.securitytracker.com/id?1023216

www.securitytracker.com/id?1023217

www.securitytracker.com/id?1023218

www.securitytracker.com/id?1023219

www.securitytracker.com/id?1023224

www.securitytracker.com/id?1023243

www.securitytracker.com/id?1023270

www.securitytracker.com/id?1023271

www.securitytracker.com/id?1023272

www.securitytracker.com/id?1023273

www.securitytracker.com/id?1023274

www.securitytracker.com/id?1023275

www.securitytracker.com/id?1023411

www.securitytracker.com/id?1023426

www.securitytracker.com/id?1023427

www.securitytracker.com/id?1023428

www.securitytracker.com/id?1024789

www.tombom.co.uk/blog/?p=85

www.ubuntu.com/usn/USN-1010-1

www.ubuntu.com/usn/USN-927-1

www.ubuntu.com/usn/USN-927-4

www.ubuntu.com/usn/USN-927-5

www.us-cert.gov/cas/techalerts/TA10-222A.html

www.us-cert.gov/cas/techalerts/TA10-287A.html

www.vmware.com/security/advisories/VMSA-2010-0019.html

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2009/3164

www.vupen.com/english/advisories/2009/3165

www.vupen.com/english/advisories/2009/3205

www.vupen.com/english/advisories/2009/3220

www.vupen.com/english/advisories/2009/3310

www.vupen.com/english/advisories/2009/3313

www.vupen.com/english/advisories/2009/3353

www.vupen.com/english/advisories/2009/3354

www.vupen.com/english/advisories/2009/3484

www.vupen.com/english/advisories/2009/3521

www.vupen.com/english/advisories/2009/3587

www.vupen.com/english/advisories/2010/0086

www.vupen.com/english/advisories/2010/0173

www.vupen.com/english/advisories/2010/0748

www.vupen.com/english/advisories/2010/0848

www.vupen.com/english/advisories/2010/0916

www.vupen.com/english/advisories/2010/0933

www.vupen.com/english/advisories/2010/0982

www.vupen.com/english/advisories/2010/0994

www.vupen.com/english/advisories/2010/1054

www.vupen.com/english/advisories/2010/1107

www.vupen.com/english/advisories/2010/1191

www.vupen.com/english/advisories/2010/1350

www.vupen.com/english/advisories/2010/1639

www.vupen.com/english/advisories/2010/1673

www.vupen.com/english/advisories/2010/1793

www.vupen.com/english/advisories/2010/2010

www.vupen.com/english/advisories/2010/2745

www.vupen.com/english/advisories/2010/3069

www.vupen.com/english/advisories/2010/3086

www.vupen.com/english/advisories/2010/3126

www.vupen.com/english/advisories/2011/0032

www.vupen.com/english/advisories/2011/0033

www.vupen.com/english/advisories/2011/0086

xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

access.redhat.com/errata/RHSA-2009:1579

access.redhat.com/errata/RHSA-2009:1580

access.redhat.com/errata/RHSA-2009:1694

access.redhat.com/errata/RHSA-2010:0011

access.redhat.com/errata/RHSA-2010:0119

access.redhat.com/errata/RHSA-2010:0130

access.redhat.com/errata/RHSA-2010:0155

access.redhat.com/errata/RHSA-2010:0162

access.redhat.com/errata/RHSA-2010:0163

access.redhat.com/errata/RHSA-2010:0164

access.redhat.com/errata/RHSA-2010:0165

access.redhat.com/errata/RHSA-2010:0166

access.redhat.com/errata/RHSA-2010:0167

access.redhat.com/errata/RHSA-2010:0337

access.redhat.com/errata/RHSA-2010:0338

access.redhat.com/errata/RHSA-2010:0339

access.redhat.com/errata/RHSA-2010:0408

access.redhat.com/errata/RHSA-2010:0440

access.redhat.com/errata/RHSA-2010:0768

access.redhat.com/errata/RHSA-2010:0770

access.redhat.com/errata/RHSA-2010:0786

access.redhat.com/errata/RHSA-2010:0807

access.redhat.com/errata/RHSA-2010:0865

access.redhat.com/errata/RHSA-2010:0986

access.redhat.com/errata/RHSA-2010:0987

access.redhat.com/errata/RHSA-2011:0880

access.redhat.com/errata/RHSA-2015:1591

access.redhat.com/security/cve/CVE-2009-3555

bugzilla.mozilla.org/show_bug.cgi?id=526689

bugzilla.mozilla.org/show_bug.cgi?id=545755

bugzilla.redhat.com/show_bug.cgi?id=533125

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

exchange.xforce.ibmcloud.com/vulnerabilities/54158

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

kb.bluecoat.com/index?page=content&id=SA50

lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535

support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html