2 matches found
SuSE 11.2 Security Update: libopenssl-devel (2009-11-13)
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's modssl was vulnerable to this kind of...
CVE-2009-4108
creationtimestamp| type| source ---|---|--- 2009-11-13 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/10104 2009-11-24 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/10221...