Test ID:	1.3.6.1.4.1.25623.1.1.1.1.2011.2141
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2141-2)
Summary:	The remote host is missing an update for the Debian 'nss' package(s) announced via the DSA-2141-2 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'nss' package(s) announced via the DSA-2141-2 advisory. Vulnerability Insight: DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: DSA 2141-1 (openssl), DSA 2141-2 (nss), DSA 2141-3 (apache2), and DSA 2141-4 (lighttpd). This page only covers the first part, openssl. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~ lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180 In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite. For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11. For the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4. We recommend that you upgrade your openssl package. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'nss' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3555 1021653 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 1021752 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 1023148 http://securitytracker.com/id?1023148 1023163 http://www.securitytracker.com/id?1023163 1023204 http://www.securitytracker.com/id?1023204 1023205 http://www.securitytracker.com/id?1023205 1023206 http://www.securitytracker.com/id?1023206 1023207 http://www.securitytracker.com/id?1023207 1023208 http://www.securitytracker.com/id?1023208 1023209 http://www.securitytracker.com/id?1023209 1023210 http://www.securitytracker.com/id?1023210 1023211 http://www.securitytracker.com/id?1023211 1023212 http://www.securitytracker.com/id?1023212 1023213 http://www.securitytracker.com/id?1023213 1023214 http://www.securitytracker.com/id?1023214 1023215 http://www.securitytracker.com/id?1023215 1023216 http://www.securitytracker.com/id?1023216 1023217 http://www.securitytracker.com/id?1023217 1023218 http://www.securitytracker.com/id?1023218 1023219 http://www.securitytracker.com/id?1023219 1023224 http://www.securitytracker.com/id?1023224 1023243 http://www.securitytracker.com/id?1023243 1023270 http://www.securitytracker.com/id?1023270 1023271 http://www.securitytracker.com/id?1023271 1023272 http://www.securitytracker.com/id?1023272 1023273 http://www.securitytracker.com/id?1023273 1023274 http://www.securitytracker.com/id?1023274 1023275 http://www.securitytracker.com/id?1023275 1023411 http://www.securitytracker.com/id?1023411 1023426 http://www.securitytracker.com/id?1023426 1023427 http://www.securitytracker.com/id?1023427 1023428 http://www.securitytracker.com/id?1023428 1024789 http://www.securitytracker.com/id?1024789 20091109 Transport Layer Security Renegotiation Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml 20091111 Re: SSL/TLS MiTM PoC http://seclists.org/fulldisclosure/2009/Nov/139 20091118 TLS / SSLv3 vulnerability explained (DRAFT) http://www.securityfocus.com/archive/1/507952/100/0/threaded 20091124 rPSA-2009-0155-1 httpd mod_ssl http://www.securityfocus.com/archive/1/508075/100/0/threaded 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) http://www.securityfocus.com/archive/1/508130/100/0/threaded 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html 273029 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 273350 http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 274990 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 36935 http://www.securityfocus.com/bid/36935 37291 http://secunia.com/advisories/37291 37292 http://secunia.com/advisories/37292 37320 http://secunia.com/advisories/37320 37383 http://secunia.com/advisories/37383 37399 http://secunia.com/advisories/37399 37453 http://secunia.com/advisories/37453 37501 http://secunia.com/advisories/37501 37504 http://secunia.com/advisories/37504 37604 http://secunia.com/advisories/37604 37640 http://secunia.com/advisories/37640 37656 http://secunia.com/advisories/37656 37675 http://secunia.com/advisories/37675 37859 http://secunia.com/advisories/37859 38003 http://secunia.com/advisories/38003 38020 http://secunia.com/advisories/38020 38056 http://secunia.com/advisories/38056 38241 http://secunia.com/advisories/38241 38484 http://secunia.com/advisories/38484 38687 http://secunia.com/advisories/38687 38781 http://secunia.com/advisories/38781 39127 http://secunia.com/advisories/39127 39136 http://secunia.com/advisories/39136 39242 http://secunia.com/advisories/39242 39243 http://secunia.com/advisories/39243 39278 http://secunia.com/advisories/39278 39292 http://secunia.com/advisories/39292 39317 http://secunia.com/advisories/39317 39461 http://secunia.com/advisories/39461 39500 http://secunia.com/advisories/39500 39628 http://secunia.com/advisories/39628 39632 http://secunia.com/advisories/39632 39713 http://secunia.com/advisories/39713 39819 http://secunia.com/advisories/39819 40070 http://secunia.com/advisories/40070 40545 http://secunia.com/advisories/40545 40747 http://secunia.com/advisories/40747 40866 http://secunia.com/advisories/40866 41480 http://secunia.com/advisories/41480 41490 http://secunia.com/advisories/41490 41818 http://secunia.com/advisories/41818 41967 http://secunia.com/advisories/41967 41972 http://secunia.com/advisories/41972 42377 http://secunia.com/advisories/42377 42379 http://secunia.com/advisories/42379 42467 http://secunia.com/advisories/42467 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 42808 http://secunia.com/advisories/42808 42811 http://secunia.com/advisories/42811 42816 http://secunia.com/advisories/42816 43308 http://secunia.com/advisories/43308 44183 http://secunia.com/advisories/44183 44954 http://secunia.com/advisories/44954 48577 http://secunia.com/advisories/48577 60521 http://osvdb.org/60521 60972 http://osvdb.org/60972 62210 http://osvdb.org/62210 65202 http://osvdb.org/65202 ADV-2009-3164 http://www.vupen.com/english/advisories/2009/3164 ADV-2009-3165 http://www.vupen.com/english/advisories/2009/3165 ADV-2009-3205 http://www.vupen.com/english/advisories/2009/3205 ADV-2009-3220 http://www.vupen.com/english/advisories/2009/3220 ADV-2009-3310 http://www.vupen.com/english/advisories/2009/3310 ADV-2009-3313 http://www.vupen.com/english/advisories/2009/3313 ADV-2009-3353 http://www.vupen.com/english/advisories/2009/3353 ADV-2009-3354 http://www.vupen.com/english/advisories/2009/3354 ADV-2009-3484 http://www.vupen.com/english/advisories/2009/3484 ADV-2009-3521 http://www.vupen.com/english/advisories/2009/3521 ADV-2009-3587 http://www.vupen.com/english/advisories/2009/3587 ADV-2010-0086 http://www.vupen.com/english/advisories/2010/0086 ADV-2010-0173 http://www.vupen.com/english/advisories/2010/0173 ADV-2010-0748 http://www.vupen.com/english/advisories/2010/0748 ADV-2010-0848 http://www.vupen.com/english/advisories/2010/0848 ADV-2010-0916 http://www.vupen.com/english/advisories/2010/0916 ADV-2010-0933 http://www.vupen.com/english/advisories/2010/0933 ADV-2010-0982 http://www.vupen.com/english/advisories/2010/0982 ADV-2010-0994 http://www.vupen.com/english/advisories/2010/0994 ADV-2010-1054 http://www.vupen.com/english/advisories/2010/1054 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 ADV-2010-1191 http://www.vupen.com/english/advisories/2010/1191 ADV-2010-1350 http://www.vupen.com/english/advisories/2010/1350 ADV-2010-1639 http://www.vupen.com/english/advisories/2010/1639 ADV-2010-1673 http://www.vupen.com/english/advisories/2010/1673 ADV-2010-1793 http://www.vupen.com/english/advisories/2010/1793 ADV-2010-2010 http://www.vupen.com/english/advisories/2010/2010 ADV-2010-2745 http://www.vupen.com/english/advisories/2010/2745 ADV-2010-3069 http://www.vupen.com/english/advisories/2010/3069 ADV-2010-3086 http://www.vupen.com/english/advisories/2010/3086 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 ADV-2011-0032 http://www.vupen.com/english/advisories/2011/0032 ADV-2011-0033 http://www.vupen.com/english/advisories/2011/0033 ADV-2011-0086 http://www.vupen.com/english/advisories/2011/0086 APPLE-SA-2010-01-19-1 http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html APPLE-SA-2010-05-18-1 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html APPLE-SA-2010-05-18-2 http://lists.apple.com/archives/security-announce/2010//May/msg00002.html DSA-1934 http://www.debian.org/security/2009/dsa-1934 DSA-2141 http://www.debian.org/security/2011/dsa-2141 DSA-3253 http://www.debian.org/security/2015/dsa-3253 FEDORA-2009-12229 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html FEDORA-2009-12305 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html FEDORA-2009-12604 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html FEDORA-2009-12606 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html FEDORA-2009-12750 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html FEDORA-2009-12775 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html FEDORA-2009-12782 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html FEDORA-2009-12968 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html FEDORA-2010-16240 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html FEDORA-2010-16294 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html FEDORA-2010-16312 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html FEDORA-2010-5357 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html FEDORA-2010-5942 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html FEDORA-2010-6131 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml GLSA-201406-32 http://security.gentoo.org/glsa/glsa-201406-32.xml HPSBGN02562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 HPSBHF02706 http://marc.info/?l=bugtraq&m=132077688910227&w=2 HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPSBMA02534 http://marc.info/?l=bugtraq&m=127419602507642&w=2 HPSBMA02547 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 HPSBMU02759 http://www.securityfocus.com/archive/1/522176 HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPSBUX02482 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 HPSBUX02498 http://marc.info/?l=bugtraq&m=126150535619567&w=2 HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPSBUX02524 http://marc.info/?l=bugtraq&m=127557596201693&w=2 IC67848 http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 IC68054 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 IC68055 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 MDVSA-2010:076 http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 MDVSA-2010:089 http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 MS10-049 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 PM00675 http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only PM12247 http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 RHSA-2010:0119 http://www.redhat.com/support/errata/RHSA-2010-0119.html RHSA-2010:0130 http://www.redhat.com/support/errata/RHSA-2010-0130.html RHSA-2010:0155 http://www.redhat.com/support/errata/RHSA-2010-0155.html RHSA-2010:0165 http://www.redhat.com/support/errata/RHSA-2010-0165.html RHSA-2010:0167 http://www.redhat.com/support/errata/RHSA-2010-0167.html RHSA-2010:0337 http://www.redhat.com/support/errata/RHSA-2010-0337.html RHSA-2010:0338 http://www.redhat.com/support/errata/RHSA-2010-0338.html RHSA-2010:0339 http://www.redhat.com/support/errata/RHSA-2010-0339.html RHSA-2010:0768 http://www.redhat.com/support/errata/RHSA-2010-0768.html RHSA-2010:0770 http://www.redhat.com/support/errata/RHSA-2010-0770.html RHSA-2010:0786 http://www.redhat.com/support/errata/RHSA-2010-0786.html RHSA-2010:0807 http://www.redhat.com/support/errata/RHSA-2010-0807.html RHSA-2010:0865 http://www.redhat.com/support/errata/RHSA-2010-0865.html RHSA-2010:0986 http://www.redhat.com/support/errata/RHSA-2010-0986.html RHSA-2010:0987 http://www.redhat.com/support/errata/RHSA-2010-0987.html RHSA-2011:0880 http://www.redhat.com/support/errata/RHSA-2011-0880.html SSA:2009-320-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 SSRT090180 SSRT090208 SSRT090249 SSRT090264 SSRT100058 SSRT100089 SSRT100179 SSRT100219 SSRT100613 SSRT100817 SSRT100825 SSRT101846 SUSE-SA:2009:057 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html SUSE-SA:2010:061 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SUSE-SR:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SUSE-SR:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html TA10-222A http://www.us-cert.gov/cas/techalerts/TA10-222A.html TA10-287A http://www.us-cert.gov/cas/techalerts/TA10-287A.html USN-1010-1 http://www.ubuntu.com/usn/USN-1010-1 USN-923-1 http://ubuntu.com/usn/usn-923-1 USN-927-1 http://www.ubuntu.com/usn/USN-927-1 USN-927-4 http://www.ubuntu.com/usn/USN-927-4 USN-927-5 http://www.ubuntu.com/usn/USN-927-5 VU#120541 http://www.kb.cert.org/vuls/id/120541 [4.5] 010: SECURITY FIX: November 26, 2009 http://openbsd.org/errata45.html#010_openssl [4.6] 004: SECURITY FIX: November 26, 2009 http://openbsd.org/errata46.html#004_openssl [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 [cryptography] 20091105 OpenSSL 0.9.8l released http://marc.info/?l=cryptography&m=125752275331877&w=2 [gnutls-devel] 20091105 Re: TLS renegotiation MITM http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/05/3 [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/05/5 [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/06/3 [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/07/3 [oss-security] 20091120 CVEs for nginx http://www.openwall.com/lists/oss-security/2009/11/20/1 [oss-security] 20091123 Re: CVEs for nginx http://www.openwall.com/lists/oss-security/2009/11/23/10 [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation http://www.ietf.org/mail-archive/web/tls/current/msg03928.html [tls] 20091104 TLS renegotiation issue http://www.ietf.org/mail-archive/web/tls/current/msg03948.html [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html http://blogs.iss.net/archive/sslmitmiscsrf.html http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during http://clicky.me/tlsvuln http://extendedsubset.com/?p=8 http://extendedsubset.com/Renegotiating_TLS.pdf http://kbase.redhat.com/faq/docs/DOC-20491 http://support.apple.com/kb/HT4004 http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171 http://support.avaya.com/css/P8/documents/100070150 http://support.avaya.com/css/P8/documents/100081611 http://support.avaya.com/css/P8/documents/100114315 http://support.avaya.com/css/P8/documents/100114327 http://support.citrix.com/article/CTX123359 http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released http://sysoev.ru/nginx/patch.cve-2009-3555.txt http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html http://wiki.rpath.com/Advisories:rPSA-2009-0155 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss?uid=swg21432298 http://www-01.ibm.com/support/docview.wss?uid=swg24006386 http://www-01.ibm.com/support/docview.wss?uid=swg24025312 http://www.arubanetworks.com/support/alerts/aid-020810.txt http://www.betanews.com/article/1257452450 http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html http://www.ingate.com/Relnote.php?ver=481 http://www.links.org/?p=780 http://www.links.org/?p=786 http://www.links.org/?p=789 http://www.mozilla.org/security/announce/2010/mfsa2010-22.html http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openssl.org/news/secadv_20091111.txt http://www.opera.com/docs/changelogs/unix/1060/ http://www.opera.com/support/search/view/944/ http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html http://www.tombom.co.uk/blog/?p=85 http://www.vmware.com/security/advisories/VMSA-2010-0019.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html https://bugzilla.mozilla.org/show_bug.cgi?id=526689 https://bugzilla.mozilla.org/show_bug.cgi?id=545755 https://bugzilla.redhat.com/show_bug.cgi?id=533125 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 https://kb.bluecoat.com/index?page=content&id=SA50 https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html oval:org.mitre.oval:def:10088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 oval:org.mitre.oval:def:11578 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 oval:org.mitre.oval:def:11617 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 oval:org.mitre.oval:def:7315 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 oval:org.mitre.oval:def:7478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 oval:org.mitre.oval:def:7973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 oval:org.mitre.oval:def:8366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 oval:org.mitre.oval:def:8535 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 tls-renegotiation-weak-security(54158) https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 Common Vulnerability Exposure (CVE) ID: CVE-2010-4180 1024822 http://www.securitytracker.com/id?1024822 42469 http://secunia.com/advisories/42469 42473 http://secunia.com/advisories/42473 42493 http://secunia.com/advisories/42493 42571 http://secunia.com/advisories/42571 42620 http://secunia.com/advisories/42620 42877 http://secunia.com/advisories/42877 43169 http://secunia.com/advisories/43169 43170 http://secunia.com/advisories/43170 43171 http://secunia.com/advisories/43171 43172 http://secunia.com/advisories/43172 43173 http://secunia.com/advisories/43173 44269 http://secunia.com/advisories/44269 45164 http://www.securityfocus.com/bid/45164 69565 http://osvdb.org/69565 ADV-2010-3120 http://www.vupen.com/english/advisories/2010/3120 ADV-2010-3122 http://www.vupen.com/english/advisories/2010/3122 ADV-2010-3134 http://www.vupen.com/english/advisories/2010/3134 ADV-2010-3188 http://www.vupen.com/english/advisories/2010/3188 ADV-2011-0076 http://www.vupen.com/english/advisories/2011/0076 ADV-2011-0268 http://www.vupen.com/english/advisories/2011/0268 APPLE-SA-2011-06-23-1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html FEDORA-2010-18736 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html FEDORA-2010-18765 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html HPSBMA02658 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HPSBOV02670 http://marc.info/?l=bugtraq&m=130497251507577&w=2 HPSBUX02638 http://marc.info/?l=bugtraq&m=129916880600544&w=2 MDVSA-2010:248 http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 RHSA-2010:0977 http://www.redhat.com/support/errata/RHSA-2010-0977.html RHSA-2010:0978 http://www.redhat.com/support/errata/RHSA-2010-0978.html RHSA-2010:0979 http://www.redhat.com/support/errata/RHSA-2010-0979.html RHSA-2011:0896 http://www.redhat.com/support/errata/RHSA-2011-0896.html SSA:2010-340-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 SSRT100339 SSRT100413 SSRT100475 SUSE-SR:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html USN-1029-1 http://ubuntu.com/usn/usn-1029-1 VU#737740 http://www.kb.cert.org/vuls/id/737740 http://cvs.openssl.org/chngview?cn=20131 http://openssl.org/news/secadv_20101202.txt http://support.apple.com/kb/HT4723 https://bugzilla.redhat.com/show_bug.cgi?id=659462 https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST oval:org.mitre.oval:def:18910 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.