sledp3-compat-openssl097gSecurity update for OpenSSLSecurity update for OpenSSLThe TLS/SSLv3 protocol as implemented in openssl prior to
this update was not able to associate data to a
renegotiated connection. This allowed man-in-the-middle
attackers to inject HTTP requests in a HTTPS session
without being noticed. For example Apache's mod_ssl was
vulnerable to this kind of attack because it uses openssl.
Please note that renegotiation will be disabled by this
update and may cause problems in some cases.
(CVE-2009-3555: CVSS v2 Base Score: 6.4)
The TLS/SSLv3 protocol as implemented in openssl prior to
this update was not able to associate data to a
renegotiated connection. This allowed man-in-the-middle
attackers to inject HTTP requests in a HTTPS session
without being noticed. For example Apache's mod_ssl was
vulnerable to this kind of attack because it uses openssl.
Please note that renegotiation will be disabled by this
update and may cause problems in some cases.
(CVE-2009-3555: CVSS v2 Base Score: 6.4)
securitycompat-openssl097gi5867cd0550796bb42141cc419d1b38a7c4fd9ac5c71