Transport Layer Security (TLS) handshake renegotiation weak security (TLS_Server_Cipher_Renegotiation)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Virtual Server Protection for Vmware, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix):

This signature detects an SSL/TLS session in which a TLS server requests a cipher renegotiation after encrypted application data has been transmitted. This behavior is not common under most normal circumstances and may indicate that a man-in-the-middle attack is taking place.


False positives

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Virtual Server Protection for Vmware, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix): Each session contains valid traffic, and legitimate traffic may cause this event to trigger a false positive under certain circumstances.

Default risk level

Medium

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2450, IBM Security Host Protection for Servers (Windows): 1.0.914.2450, IBM Security Host Protection for Servers (Windows): 2.0.300.2450, RealSecure Server Sensor: XPU 29.110, Virtual Server Protection for Vmware: 1.0, IBM Security Host Protection for Desktops: 2450, Proventia-G 1.1 and earlier: XPU 29.110, Proventia Network MFS: XPU 29.110, Proventia Network IDS: XPU 29.110, Proventia Network IPS: XPU 29.110, Proventia Server IPS for Linux technology: 29.110, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

OpenSSL OpenSSL, Sun Solaris: 8 x86, Apache HTTP Server: 1.3, Apache HTTP Server: 1.2, Apache HTTP Server: 1.0, Apache HTTP Server: 1.2.5, Apache HTTP Server: 1.3.19, Apache HTTP Server: 2.0.28 Beta, Apache HTTP Server: 2.0, Gentoo Linux, Apache HTTP Server: 1.3.26, Apache HTTP Server: 1.3.6, Apache HTTP Server: 1.3.9, Apache HTTP Server: 1.3.12, Apache HTTP Server: 1.3.20, Apache HTTP Server: 1.3.23, Apache HTTP Server: 1.3.17, Apache HTTP Server: 1.3.14, Apache HTTP Server: 2.0.38, Apache HTTP Server: 2.0.39, Apache HTTP Server: 2.0.42, Apache HTTP Server: 1.3.11, OpenSSL OpenSSL: 0.9.7a, OpenSSL OpenSSL: 0.9.6i, OpenSSL OpenSSL: 0.9.7, Apache HTTP Server: 1.3.27, Apache HTTP Server: 1.3.28, Apache HTTP Server: 2.0.47, SUSE SuSE Linux: 9.0, HP HP-UX: B.11.11, OpenSSL OpenSSL: 0.9.6k, Microsoft Windows 2000: SP4, RedHat Enterprise Linux: 3 WS, RedHat Enterprise Linux: 3 ES, RedHat Enterprise Linux: 3 AS, Sun Solaris: 8 SPARC, Sun Solaris: 9 x86, Apache HTTP Server: 1.3.29, OpenSSL OpenSSL: 0.9.6a, OpenSSL OpenSSL: 0.9.7b, OpenSSL OpenSSL: 0.9.7c, Apache HTTP Server: 2.0.49, Apache HTTP Server: 2.0.48, IBM HTTP Server: 2.0.47, RedHat Enterprise Linux: 3 Desktop, HP HP-UX: B.11.23, SuSE SuSE SLES: 9, Microsoft Windows XP: SP2, HP Systems Insight Manager: 4.0 SP1, HP Systems Insight Manager: 4.1 SP1, Apache HTTP Server: 2.0.51, IBM OS 400, Apache HTTP Server: 1.3.33, Turbolinux Turbolinux: 10 Server, Avaya Message Application Server, MandrakeSoft Mandrake Linux Corporate Server: 3.0, Ingate Ingate Firewall: 4.1.3, IBM WebSphere Application Server: 6.0, RedHat Enterprise Linux: 4 AS, RedHat Enterprise Linux: 4 Desktop, Sun Solaris: 10, Novell Linux Desktop: 9, RedHat Enterprise Linux: 4 ES, RedHat Enterprise Linux: 4 WS, Apache HTTP Server: 2.0.52, MandrakeSoft Mandrake Multi Network Firewall: 2.0, Sun Solaris: 10 SPARC, Sun Solaris: 10 x86, IBM OS 400: 5.1, Ingate Ingate Firewall: 4.2.0, Ingate Ingate SIParator: 4.2.0, OpenSSL OpenSSL: 0.9.8a, Avaya Message 
Networking, Apache HTTP Server: 2.0.40, Avaya Modular Messaging: 2.0, Oracle WebLogic Server: 9.0, HP Systems Insight Manager: 4.2 SP1, HP Systems Insight Manager: 4.2 SP2, HP Systems Insight Manager: 5.0 SP1, HP Systems Insight Manager: 5.0 SP2, HP Systems Insight Manager: 5.0 SP3, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Oracle WebLogic Server: 9.1, Canonical Ubuntu: 6.06 LTS, Sun Java System Web Server: 6.1, Novell SLE SDK: 10, IBM OS 400: 5.3, Novell SUSE Linux Enterprise Server: 10, MandrakeSoft Mandrake Linux Corporate Server: 4.0, MandrakeSoft Mandrake Linux Corporate Server: 4.0 X86_64, MandrakeSoft Mandrake Linux Corporate Server: 3.0 X86_64, Apache HTTP Server: 1.3.37, IBM WebSphere Application Server: 6.1, IBM OS 400: 5.3.5, Novell Linux POS: 9, Microsoft Windows Vista, IBM DB2 Universal Database: 9.1, Cisco Wireless Control System, Turbolinux Turbolinux: FUJI, Turbolinux Turbolinux Appliance Server: 2.0, Turbolinux Turbolinux: 10 Server x64 Ed, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, RedHat Enterprise Linux: 5, RedHat Enterprise Linux: 5 Client Workstation, MandrakeSoft Mandrake Linux: 2008.0 X86_64, Debian Debian Linux: 4.0, Oracle WebLogic Server: 8.1 SP6, Oracle WebLogic Server: 7.0 SP7, HP Systems Insight Manager: 5.0 SP4, HP Systems Insight Manager: 5.0 SP5, HP HP-UX: B.11.31, Apache HTTP Server: 2.0.59, Apache HTTP Server: 2.2.4, Sun Java System Web Server: 7.0, Ingate Ingate Firewall: 4.5.1, Ingate Ingate SIParator: 4.5.1, Sun Java System Application Server: 8.1 Enterprise, Sun Java System Application Server: 8.2 Enterprise, RedHat Enterprise Linux: 5 Client, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, MandrakeSoft Mandrake Linux: 2008.0, Apache HTTP Server: 2.0.46, Apache HTTP Server: 2.0.55, Apache HTTP Server: 2.2.3, Turbolinux Turbolinux: 11 Server 
x64 Ed, Turbolinux Turbolinux: 11 Server, Apache HTTP Server: 2.2.0, Apache HTTP Server: 2.2.2, Apache HTTP Server: 2.2.5, Apache HTTP Server: 2.2.6, Apache HTTP Server: 1.3.0, Apache HTTP Server: 1.3.2, Apache HTTP Server: 1.3.39, Apache HTTP Server: 1.3.3, Apache HTTP Server: 1.3.36, Apache HTTP Server: 1.3.35, Apache HTTP Server: 1.3.34, Apache HTTP Server: 1.3.32, Apache HTTP Server: 1.3.31, Apache HTTP Server: 1.3.24, Apache HTTP Server: 1.3.22, Apache HTTP Server: 1.3.4, Sun Java System Web Proxy Server: 4.0, Microsoft Internet Information Services: 7.0, FreeBSD FreeBSD: 6.3, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Apache HTTP Server: 1.3.18, Apache HTTP Server: 1.3.25, Apache HTTP Server: 2.0.28, Apache HTTP Server: 2.0.32, Apache HTTP Server: 2.0.35, Apache HTTP Server: 2.0.36, Apache HTTP Server: 2.0.37, Apache HTTP Server: 2.0.41, OpenOffice OpenOffice.org: 2.0, IBM DB2 Universal Database: 9.1 FP4, IBM DB2 Universal Database: 9.1 FP3, IBM DB2 Universal Database: 9.1 FP2, Apache HTTP Server: 0.8.11, Apache HTTP Server: 0.8.14, Apache HTTP Server: 1.0.2, Apache HTTP Server: 1.0.3, Apache HTTP Server: 1.0.5, Apache HTTP Server: 1.1.1, Apache HTTP Server: 1.3.13, Apache HTTP Server: 1.3.15, Apache HTTP Server: 1.3.16, Apache HTTP Server: 1.3.30, Apache HTTP Server: 1.3.38, Apache HTTP Server: 1.3.5, Apache HTTP Server: 1.3.7, Apache HTTP Server: 1.3.8, Apache HTTP Server: 2.0.32 Beta, Apache HTTP Server: 2.0.34 Beta, Apache HTTP Server: 2.0.43, Apache HTTP Server: 2.0.44, Apache HTTP Server: 2.0.45, Apache HTTP Server: 2.0.50, Apache HTTP Server: 2.0.53, Apache HTTP Server: 2.0.54, Apache HTTP Server: 2.0.56, Apache HTTP Server: 2.0.57, Apache HTTP Server: 2.0.58, Apache HTTP Server: 2.0.60, Apache HTTP Server: 2.0.61, Apache HTTP Server: 2.0.9, Apache HTTP Server: 2.1.1, Apache HTTP Server: 2.1.2, Apache HTTP Server: 2.1.3, Apache HTTP Server: 2.1.4, Apache HTTP Server: 2.1.5, Apache HTTP Server: 2.1.6, Apache HTTP Server: 2.1.7, 
Apache HTTP Server: 2.1.8, Apache HTTP Server: 2.2, Apache HTTP Server: 2.2.1, Avaya Communication Manager, Citrix Secure Gateway: 3.0, GNU GnuTLS: 1.0.16, GNU GnuTLS: 1.0.17, GNU GnuTLS: 1.0.18, GNU GnuTLS: 1.0.19, GNU GnuTLS: 1.0.20, GNU GnuTLS: 1.0.21, GNU GnuTLS: 1.0.22, GNU GnuTLS: 1.0.23, GNU GnuTLS: 1.0.24, GNU GnuTLS: 1.0.25, GNU GnuTLS: 1.1.14, GNU GnuTLS: 1.1.15, GNU GnuTLS: 1.1.16, GNU GnuTLS: 1.1.17, GNU GnuTLS: 1.1.18, GNU GnuTLS: 1.1.19, GNU GnuTLS: 1.1.20, GNU GnuTLS: 1.1.21, GNU GnuTLS: 1.1.22, GNU GnuTLS: 1.1.23, GNU GnuTLS: 1.2.0, GNU GnuTLS: 1.2.1, GNU GnuTLS: 1.2.10, GNU GnuTLS: 1.2.11, GNU GnuTLS: 1.2.2, GNU GnuTLS: 1.2.3, GNU GnuTLS: 1.2.4, GNU GnuTLS: 1.2.5, GNU GnuTLS: 1.2.6, GNU GnuTLS: 1.2.7, GNU GnuTLS: 1.2.8, GNU GnuTLS: 1.2.9, GNU GnuTLS: 1.3.0, GNU GnuTLS: 1.3.1, GNU GnuTLS: 1.3.2, GNU GnuTLS: 1.3.3, GNU GnuTLS: 1.3.4, GNU GnuTLS: 1.3.5, GNU GnuTLS: 1.4.0, GNU GnuTLS: 1.4.1, HP System Management Homepage: 2.0.0, HP System Management Homepage: 2.0.1, HP System Management Homepage: 2.0.2, HP System Management Homepage: 2.1, HP System Management Homepage: 2.1.1, HP System Management Homepage: 2.1.2, HP System Management Homepage: 2.1.3, HP System Management Homepage: 2.1.3.132, HP System Management Homepage: 2.1.4, HP System Management Homepage: 2.1.5, HP System Management Homepage: 2.1.6, HP System Management Homepage: 2.1.7, HP System Management Homepage: 2.1.8, HP System Management Homepage: 2.1.9, HP Systems Insight Manager, HP Systems Insight Manager: 4.0, HP Systems Insight Manager: 4.1, HP Systems Insight Manager: 4.2, HP Systems Insight Manager: 5.0, IBM HTTP Server: 6.0, IBM HTTP Server: 6.1, Novell Open Enterprise Server, OpenSSL OpenSSL: 0.9.1c, OpenSSL OpenSSL: 0.9.2b, OpenSSL OpenSSL: 0.9.3, OpenSSL OpenSSL: 0.9.3a, OpenSSL OpenSSL: 0.9.4, OpenSSL OpenSSL: 0.9.5, OpenSSL OpenSSL: 0.9.5 Beta1, OpenSSL OpenSSL: 0.9.5 Beta2, OpenSSL OpenSSL: 0.9.5a, OpenSSL OpenSSL: 0.9.5a Beta1, OpenSSL OpenSSL: 0.9.5a Beta2, OpenSSL OpenSSL: 
0.9.6, OpenSSL OpenSSL: 0.9.6 Beta1, OpenSSL OpenSSL: 0.9.6 Beta2, OpenSSL OpenSSL: 0.9.6 Beta3, OpenSSL OpenSSL: 0.9.6a Beta1, OpenSSL OpenSSL: 0.9.6a Beta2, OpenSSL OpenSSL: 0.9.6a Beta3, OpenSSL OpenSSL: 0.9.6b, OpenSSL OpenSSL: 0.9.6c, OpenSSL OpenSSL: 0.9.6d, OpenSSL OpenSSL: 0.9.6e, OpenSSL OpenSSL: 0.9.6f, OpenSSL OpenSSL: 0.9.6g, OpenSSL OpenSSL: 0.9.6h, OpenSSL OpenSSL: 0.9.6j, OpenSSL OpenSSL: 0.9.6l, OpenSSL OpenSSL: 0.9.6m, OpenSSL OpenSSL: 0.9.7 Beta1, OpenSSL OpenSSL: 0.9.7 Beta2, OpenSSL OpenSSL: 0.9.7 Beta3, OpenSSL OpenSSL: 0.9.7 Beta4, OpenSSL OpenSSL: 0.9.7 Beta5, OpenSSL OpenSSL: 0.9.7 Beta6, OpenSSL OpenSSL: 0.9.7d, OpenSSL OpenSSL: 0.9.7e, OpenSSL OpenSSL: 0.9.7f, OpenSSL OpenSSL: 0.9.7g, OpenSSL OpenSSL: 0.9.7h, OpenSSL OpenSSL: 0.9.7i, OpenSSL OpenSSL: 0.9.7j, OpenSSL OpenSSL: 0.9.7k, OpenSSL OpenSSL: 0.9.7l, OpenSSL OpenSSL: 0.9.8, OpenSSL OpenSSL: 0.9.8b, OpenSSL OpenSSL: 0.9.8c, OpenSSL OpenSSL: 0.9.8d, OpenSSL OpenSSL: 0.9.8e, OpenSSL OpenSSL: 0.9.6-15, OpenSSL OpenSSL: 0.9.6B-3, OpenSSL OpenSSL: 0.9.7A-2, Sun Java System Web Proxy Server: 4.0.2, Sun Java System Web Proxy Server: 4.0.3, Sun Java System Web Proxy Server: 4.0.4, Sun Java System Web Proxy Server: 4.0.5, Sun Java System Web Proxy Server: 4.0.6, IBM OS 400: 5.2, Canonical Ubuntu: 8.04 LTS, Aruba Networks Mobility Controller: 2.4.8.0-FIPS, GNU GnuTLS: 1.4.5, GNU GnuTLS: 1.6.3, GNU GnuTLS: 2.0.4, GNU GnuTLS: 2.2.0, GNU GnuTLS: 2.2.1, GNU GnuTLS: 2.2.2, GNU GnuTLS: 2.2.3, GNU GnuTLS: 1.1.13, IBM DB2 Universal Database: 9.1 FP1, OpenSSL OpenSSL: 0.9.8f, OpenSSL OpenSSL: 0.9.8g, RedHat RHEL Supplementary: 5.2.z EUS, Apache HTTP Server: 2.0.63, Apache HTTP Server: 2.2.8, Novell OpenSUSE: 11.0, Novell SUSE Linux Enterprise Desktop: 10 SP2, Novell SUSE Linux Enterprise: 10 SP2 DEBUGINFO, Novell SLE SDK: 10 SP2, Novell SUSE Linux Enterprise Server: 10 SP2, HP System Management Homepage: 2.1.11, Oracle WebLogic Server: 9.2 MP3, OpenSSL OpenSSL: 0.9.8h, Sun Java System Web Proxy Server: 
4.0 SP1, Sun Solaris: 9 SPARC, OpenVPN OpenVPN: 2.1 rc8, OpenVPN OpenVPN: 2.1 beta14, Apache HTTP Server: 2.2.9, GNU GnuTLS: 2.3.5, GNU GnuTLS: 2.3.6, GNU GnuTLS: 2.3.7, GNU GnuTLS: 2.3.8, GNU GnuTLS: 2.3.9, GNU GnuTLS: 2.4.0, FreeBSD FreeBSD: 6.4, HP System Management Homepage: 2.1.10, Ingate Ingate Firewall: 4.6.2, Ingate Ingate SIParator: 4.6.2, Sun OpenSolaris: build_snv_86 x86, Sun OpenSolaris: build_snv_86 SPARC, Sun Java System Web Proxy Server: 4.0.7, Mandriva Linux: 2009.0, Mandriva Linux: 2009.0 X86_64, HP Systems Insight Manager: 5.2, IBM DB2 Universal Database: 9.1 FP5, Canonical Ubuntu: 8.10, HP System Management Homepage: 2.2.6, HP System Management Homepage: 2.2.8, GNU GnuTLS: 2.6.0, FreeBSD FreeBSD: 7.1, HP System Management Homepage: 2.1.12, RedHat RHEL Supplementary: 5.3.z EUS, Debian Debian Linux: 5.0, GNU GnuTLS: 2.4.1, GNU GnuTLS: 2.4.2, HP System Management Homepage: 2.1.0-103, HP System Management Homepage: 2.1.0-103(A), HP System Management Homepage: 2.1.0-109, HP System Management Homepage: 2.1.0-118, HP System Management Homepage: 2.1.10-186, HP System Management Homepage: 2.1.11-197, HP System Management Homepage: 2.1.12-118, HP System Management Homepage: 2.1.12-200, HP System Management Homepage: 2.1.2-127, HP System Management Homepage: 2.1.4-143, HP System Management Homepage: 2.1.5-146, HP System Management Homepage: 2.1.6-156, HP System Management Homepage: 2.1.7-168, HP System Management Homepage: 2.1.8-177, HP System Management Homepage: 2.1.9-178, Cisco ACE 4710, ProFTPD ProFTPD: 1.3.2, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows XP: SP3, Ingate Ingate Firewall: 4.7, Ingate Ingate SIParator: 4.7, VMware ESX: 3.5, IBM DB2 Universal Database: 9.1 FP6, GNU GnuTLS: 2.6.1, GNU GnuTLS: 2.6.2, GNU GnuTLS: 2.6.3, GNU GnuTLS: 2.6.4, GNU GnuTLS: 2.6.5, FreeBSD FreeBSD: 7.2 pre-Release, HP System Management Homepage: 3.0, HP System Management Homepage: 
2.1.15-210, HP System Management Homepage: 3.0.0-68, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Opera Opera Browser: 9.0, OpenSSL OpenSSL: 0.9.7M, OpenSSL OpenSSL: 0.9.7A-2 I386 Dev, OpenSSL OpenSSL: 0.9.7A-2 I386, OpenSSL OpenSSL: 0.9.6-15 I386, OpenSSL OpenSSL: 0.9.7A-2 I386 Perl, OpenSSL OpenSSL: 0.9.6B-3 I386, OpenSSL OpenSSL: 1.0 Openvms, Citrix Secure Gateway: 3.1, Microsoft Windows 7: x64, Apache HTTP Server: 1.3.7 Dev, Apache HTTP Server: 1.3.65, Apache HTTP Server: 1.99, Apache HTTP Server: 1.3.68, Apache HTTP Server: 1.2.4, Apache HTTP Server: 1.3.1.1, Apache HTTP Server: 1.2.6, Apache HTTP Server: 1.4.0, Apache HTTP Server: 2.0.46 Win32, Apache HTTP Server: 2.2.11, Apache HTTP Server: 2.2.10, Apache HTTP Server: 2.2.7, Apache HTTP Server: 2.0.58 Win32, Apache HTTP Server: 2.1.9, FreeBSD FreeBSD: 8.0, HP ProCurve Threat Mgmt Services zl Module (J9155A): ST.1.0.090213, Mozilla Firefox: 3.5, Mandriva Linux: 2009.1, Mandriva Linux: 2009.1 X86_64, GNU GnuTLS: 2.6.6, GNU GnuTLS: 2.8.1, IBM DB2: 9.7, GNU GnuTLS: 2.5.0, GNU GnuTLS: 2.3.11, GNU GnuTLS: 2.3.2, GNU GnuTLS: 2.3.4, GNU GnuTLS: 2.3.3, GNU GnuTLS: 1.2.8.1a1, GNU GnuTLS: 1.7.14, GNU GnuTLS: 1.7.15, GNU GnuTLS: 1.7.12, GNU GnuTLS: 1.7.13, GNU GnuTLS: 1.7.18, GNU GnuTLS: 1.7.19, GNU GnuTLS: 2.2.5, GNU GnuTLS: 1.7.16, GNU GnuTLS: 2.2.4, GNU GnuTLS: 1.7.17, GNU GnuTLS: 1.5.0, GNU GnuTLS: 2.0.2, GNU GnuTLS: 1.4.4, GNU GnuTLS: 2.0.3, GNU GnuTLS: 1.4.3, GNU GnuTLS: 2.0.0, GNU GnuTLS: 1.4.2, GNU GnuTLS: 2.0.1, GNU GnuTLS: 1.5.4, GNU GnuTLS: 2.1.2, GNU GnuTLS: 1.5.3, GNU GnuTLS: 2.1.3, GNU GnuTLS: 1.5.2, GNU GnuTLS: 2.1.0, GNU GnuTLS: 1.5.1, GNU GnuTLS: 2.1.1, GNU GnuTLS: 1.6.1, GNU GnuTLS: 2.1.7, GNU GnuTLS: 1.6.2, GNU GnuTLS: 2.1.6, GNU GnuTLS: 1.5.5, GNU GnuTLS: 2.1.5, GNU GnuTLS: 1.6.0, GNU GnuTLS: 2.1.4, GNU GnuTLS: 1.7.2, GNU GnuTLS: 1.7.3, GNU GnuTLS: 2.3.1, GNU GnuTLS: 1.7.0, GNU GnuTLS: 2.3.0, GNU 
GnuTLS: 1.7.1, GNU GnuTLS: 2.1.8, GNU GnuTLS: 1.7.6, GNU GnuTLS: 1.7.7, GNU GnuTLS: 1.7.4, GNU GnuTLS: 1.7.5, GNU GnuTLS: 1.7.10, GNU GnuTLS: 2.3.10, GNU GnuTLS: 1.7.11, GNU GnuTLS: 1.7.8, GNU GnuTLS: 1.7.9, GNU GnuTLS: 2.8.0, Mozilla Nss: 3.11.8, Mozilla Nss: 3.11.2, Mozilla Nss: 3.6, Mozilla Nss: 3.12, Mozilla Nss: 3.11.7, Mozilla Nss: 3.4, Mozilla Nss: 3.11.4, Mozilla Nss: 3.0, Mozilla Nss: 3.12.2, Mozilla Nss: 3.12.1, Mozilla Nss: 3.5, Mozilla Nss: 3.4.2, Mozilla Nss: 3.4.3, Mozilla Nss: 3.4.1, Mozilla Nss: 3.6.1, Mozilla Nss: 3.10, Mozilla Nss: 3.9.5, Mozilla Nss: 3.9, Mozilla Nss: 3.7.7, Mozilla Nss: 3.7.5, Mozilla Nss: 3.7, Mozilla Nss: 3.7.1, Mozilla Nss: 3.7.2, Mozilla Nss: 3.7.3, Mozilla Nss: 3.8, Mozilla Nss: 3.3.2, Mozilla Nss: 3.3.1, Mozilla Nss: 3.3, Mozilla Nss: 3.2.1, Mozilla Nss: 3.2, Apache HTTP Server: 2.2.13, IBM HTTP Server: 7.0, Apple Mac OS X: 10.5.8, Apple Mac OS X Server: 10.5.8, RedHat Enterprise Linux: 4.8.z ES, RedHat Enterprise Linux: 4.8.z AS, Microsoft Windows 7: x32, Microsoft Windows Server 2008: R2 x64, Microsoft Windows Server 2008: R2 Itanium, IBM DB2 Universal Database: 9.1 FP7, Apache HTTP Server: 2.2.12, Blue Coat Systems Security Gateway OS (SGOS): 4.0, Blue Coat Systems Security Gateway OS (SGOS): 5.1, Blue Coat Systems Security Gateway OS (SGOS): 5.2, Blue Coat Systems Security Gateway OS (SGOS): 5.3, Blue Coat Systems Security Gateway OS (SGOS): 5.4, Aruba Networks ArubaOS: 3.3.2.X, Aruba Networks ArubaOS: 3.4.X, RedHat Enterprise Linux: 5.4.z EUS, Microsoft Internet Information Services: 7.5, Apple Mac OS X Server: 10.6.2, Apple Mac OS X: 10.6.2, PeerSec MatrixSSL: 1.8.7, VooDoo cIRCle: 1.1.38.7, Microsoft Windows Server 2008: SP2 Itanium, Sun OpenSolaris: 2009.06, IBM Java: 1.4, IBM Java: 5.0, Sun Java System Application Server: 8.0 Enterprise, IBM Java SDK: 5.0, IBM Java SDK: 6.0, IBM Java SDK: 6.1, Sun GlassFish Enterprise Server: 2.1.1, IBM WebSphere DataPower SOA Appliances: 3.6.1, IBM WebSphere DataPower SOA 
Appliances: 3.7.1, IBM WebSphere DataPower SOA Appliances: 3.7.2, IBM WebSphere DataPower SOA Appliances: 3.7.3, IBM WebSphere DataPower SOA Appliances: 3.8, IBM WebSphere DataPower, Zeus Zeus Web Server: 4.3 r4, Oracle WebLogic Server: 10.3.2, HP System Management Homepage: 3.0.0-64, HP System Management Homepage: 3.0.2-77, Mozilla Thunderbird: 3.0.1, OpenOffice OpenOffice.org: 3.2, Mozilla SeaMonkey: 2.0.2, Mozilla Firefox: 3.6, Cisco Digital Media Manager (DMM): 5.0, Sun JDK: 6 Update18, Sun JRE: 6 Update18, Sun JDK: 5.0 Update23, Sun SDK: 1.4.2_25, HP System Management Homepage: 6.0.0.95, HP System Management Homepage: 6.0.0.96, RedHat Red Hat Enterprise Linux: 4.7.z Extras, RedHat Red Hat Enterprise Linux: 4.8.z Extras, RedHat RHEL Supplementary: 5.4.z EUS, HP Systems Insight Manager: 5.3, HP Systems Insight Manager: 5.3 Update 1, HP Systems Insight Manager: 6.0, Oracle WebLogic Server: 10.0 MP2, Oracle WebLogic Server: 10.3.3, HP System Management Homepage: 6.0, HP System Management Homepage: 6.1, Oracle Transportation Management: 5.5.06.03, Oracle Transportation Management: 6.0.6, Oracle Transportation Management: 6.1.2, HP Systems Insight Manager: 6.1, Oracle Java SE JDK: 6 Update 21, Oracle Java SE JRE: 6 Update 21, Oracle Java SE JDK: 5 Update 25, Oracle Java SE SDK: 1.4.2_27, Oracle Java for Business JDK: 6 Update 21, Oracle Java for Business JRE: 6 Update 21, Oracle Java for Business JDK: 5 Update 25, Oracle Java for Business SDK: 1.4.2_27, Oracle Java for Business JRE: 1.4.2_27, Turbolinux Client: 2008, Turbolinux Appliance Server: 3.0 x64, Turbolinux Appliance Server: 3.0, Mandriva Enterprise Server: 5, Mandriva Enterprise Server: 5 X86_64, Mandriva Linux: 2010 X86_64, Mandriva Linux: 2010, BlueCoat Reporter: 9.2.3.1, BlueCoat Reporter: 9.1.5.1, BlueCoat Reporter: 8.3.7.1, Innominate Security Technologies mGuard: 5.x, Innominate Security Technologies mGuard: 6.x, Innominate Security Technologies mGuard: 7, Blue Coat Systems Director: 5.x, RedHat 
Enterprise Linux: 6 Server, RedHat Enterprise Linux: 6 Workstation, Microsoft IIS: 7.0, HP Onboard Administrator: 3.21, HP Onboard Administrator: 3.31, HP Integrated Lights-Out 2 Firmware: 2.05, HP Integrated Lights-Out 3 Firmware: 1.16, RedHat Enterprise Linux Server Supplementary : 6, RedHat Enterprise Linux Workstation Supplementary : 6, RedHat Enterprise Linux Desktop : 6, RedHat Enterprise Linux Desktop Supplementary : 6, RedHat Enterprise Linux HPC Node : 6, RedHat Enterprise Linux HPC Node Supplementary : 6, RedHat Enterprise Linux for SAP, RedHat Enterprise Linux Server EUS: 6.0.z, JBoss Enterprise Web Server, HP Onboard Administrator: 3.32, HP Systems Insight Manager: 5.0 SP6, HP Systems Insight Manager: 6.2, HP Systems Insight Manager: 6.3

Type

Suspicious Activity

Vulnerability description

Multiple implementations of the Transport Layer Security (TLS) protocol, including SSL, could provide weaker than expected security, caused by TLS handshake renegotiation. A remote attacker could exploit this vulnerability via man-in-the-middle techniques to inject data into the beginning of the application protocol stream to execute HTTP transactions, bypass authentication and possibly launch further attacks against the victim.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

References

TLS Mailing List Wed, 4 Nov 2009
MITM attack on delayed TLS-client auth through renegotiation
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

The Apache Software Foundation Web site
Apache HTTP Server
http://httpd.apache.org/

Microsoft IIS Web site
The Official Microsoft IIS Site
http://www.iis.net/

OpenSSL CVS Repository
Check-in Number: 18790
http://cvs.openssl.org/chngview?cn=18790

IBM Internet Security Systems Protection Alert
Transport Layer Security (TLS) handshake renegotiation weak security
http://www.iss.net/threats/352.html

CTX123359
Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359

cisco-sa-20091109-tls
Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

MatrixSSL Web Site
MatrixSSL 1.8.8
http://www.matrixssl.org/archives/cat_releases.html

security advisory 20091112-01
An OpenSource VooDoo cIRCle
http://voodoo-circle.sourceforge.net/sa/sa-20091112-01.html

gmane.network.openvpn.devel
OpenVPN 2.1_rc21 released
http://article.gmane.org/gmane.network.openvpn.devel/2835

Ingate Web Site
Release notice for Ingate Firewall® 4.8.1 and Ingate SIParator® 4.8.1
http://www.ingate.com/Relnote.php?ver=481

HP Security Bulletin HPSBUX02482 SSRT090249 rev.1
HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686

FreeBSD-SA-09:15.ssl
SSL protocol flaw
http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc

Sun Alert ID: 273350
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Network Security Services (NSS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1

IBM APAR PK96157
SHIP APAR FIXES FOR H28W601 FIX PACK 6.0.2.39. 09/09/14 PTF PECHANGE
http://www-01.ibm.com/support/docview.wss?uid=swg1PK96157

IBM Support and Downloads Web Site
IBM HTTP Server interim fix for PM00675
http://www-01.ibm.com/support/docview.wss?uid=swg24025312

ProFTPD Web site
1.3.2 Release Notes
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

SOL10737
SSL/TLS Authentication Gap – Status of Patches
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

IBM APAR IZ65239
Transport Layer Security (TLS) handshake renegotiation weak security CVE-2009-3555
http://www-01.ibm.com/support/docview.wss?uid=swg21415080

The Apache Tomcat Native - Miscellaneous Documentation
Changes between 1.1.17 and 1.1.18
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

HP Security Bulletin HPSBUX02498 SSRT090264 rev.1
HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01963123

Offensive Security Exploit Database [12-21-2009]
TLS Renegotiation Vulnerability PoC Exploit
http://www.exploit-db.com/exploits/10579

Sun Alert ID: 274990
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

IBM Support and Downloads
Are DataPower appliances affected by the SSL Man-in-the-Middle attack (CVE-2009-3555)?
http://www-01.ibm.com/support/docview.wss?uid=swg21410851

IBM Support and Downloads
Critical updates for IBM WebSphere DataPower SOA appliances
http://www-01.ibm.com/support/docview.wss?uid=swg21390112

IBM Support and Downloads
TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION VULNERABILITY
http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e

IBM Support and Downloads
DATAPOWER CHANGE TO PREVENT SSL TLS MAN-IN-THE-MIDDLE ATTACK
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64790

Apple Web site
About Security Update 2010-001
http://support.apple.com/kb/HT4004

IBM Support and Downloads
TLS/SSL PROTOCOL VULNERABILITY FOR WSAS SDK 1.5 SR10
http://www-01.ibm.com/support/docview.wss?uid=swg24025719

IBM Support and Downloads
TLS/SSL PROTOCOL VULNERABILITY FOR WSAS SDK 1.5 SR11
http://www-01.ibm.com/support/docview.wss?uid=swg24025718

IBM Security alerts
developerWorks : Java; technology : IBM developer kits : Additional documentation
http://www.ibm.com/developerworks/java/jdk/alerts/

Bugzilla@Mozilla – Bug 526689
(CVE-2009-3555) SSL3 & TLS Renegotiation Vulnerability
https://bugzilla.mozilla.org/show_bug.cgi?id=526689

Mozilla Web site
NSS 3.12.5 release notes
https://developer.mozilla.org/NSS_3.12.5_release_notes

IBM Support & downloads
Transport Layer Security (TLS) handshake renegotiation weak security (CVE-2009-3555) in relation to WebSphere Application Server products
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D600&uid=swg21413714&loc=en_US&cs=utf-8&lang=en

Microsoft Security Advisory (977377)
Vulnerability in TLS/SSL Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/977377.mspx

Aruba Networks Security Advisory
TLS Protocol Session Renegotiation Security Vulnerability
http://www.arubanetworks.com/support/alerts/aid-020810.txt

Opera changelog
Opera 10.50 beta (with Opera Widgets for Desktop) for Windows changelog
http://www.opera.com/docs/changelogs/windows/1050b1/

Bluecoat Security Advisories ID: SA44
TLS/SSLv3 renegotiation (CVE-2009-3555)
https://kb.bluecoat.com/index?page=content&id=SA44

MFSA 2010-22
Update NSS to support TLS renegotiation indication
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

Oracle Critical Patch Update Advisory - March 2010
Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

IBM Support and Downloads
Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.1 Fix Pack 9
http://www-01.ibm.com/support/docview.wss?uid=swg21426108

IBM APAR IC65922
SECURITY: BUFFER OVERRUN IN REPEAT UDF.
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922

IBM APAR IC67848
SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION WEAK SECURITY CVE-2009-3555
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848

IBM APAR PM12247
SHIP APAR FIXES FOR H28W610 FIX PACK 6.1.0.31.
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

ASA-2010-119
nss security update (RHSA-2010-0165)
https://support.avaya.com/css/P8/documents/100081611

IBM APAR PM10658
IBM HTTP SERVER 2.0.47 CUMULATIVE INTERIM FIX
http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658

HP Security Bulletin HPSBMA02534 SSRT090180
HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02171256

IBM Support and Downloads
Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.7 Fix Pack 2
http://www-01.ibm.com/support/docview.wss?uid=swg21432298

OpenOffice Web Site
OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
http://www.openoffice.org/security/cves/CVE-2009-3555.html

HP Security Bulletin HPSBMA02547 SSRT100180
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02273751

Oracle Critical Patch Update Advisory - July 2010
Oracle Critical Patch Update Advisory - July 2010
http://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html

HP Security Bulletin HPSBGN02562 SSRT090249
HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A running TLS/SSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041

Microsoft Security Bulletin MS10-049
Vulnerabilities in SChannel could allow Remote Code Execution (980436)
http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx

HP Security Bulletin HPSBMA02568 SSRT100219
HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02512995

VMSA-2010-0015
VMware ESX third party updates for Service Console
http://lists.vmware.com/pipermail/security-announce/2010/000106.html

Oracle Critical Patch Update Advisory - October 2010
Oracle Critical Patch Update Advisory - October 2010
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Microsoft Security Bulletin MS10-085
Vulnerabilities in SChannel Could Allow Denial of Service (2207566)
http://www.microsoft.com/technet/security/bulletin/ms10-085.mspx

Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010
Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

VMSA-2010-0019
VMware ESX third party updates for Service Console
http://lists.vmware.com/pipermail/security-announce/2010/000113.html

SA50
Multiple SSL/TLS vulnerabilities in Reporter
https://kb.bluecoat.com/index?page=content&id=SA50

Innominate mGuard
Version 7.2.1 - Release Notes
http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_721_en.pdf

Innominate mGuard
Version 6.1.5 - Release Notes
http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf

Innominate mGuard
Version 5.1.6 - Release Notes
http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf

Oracle Critical Patch Update Advisory - April 2011
Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Sun Security Blog, 29 Apr 2011
Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache

Bluecoat Web site
Security Advisories
https://kb.bluecoat.com/index?page=content&id=SA61

HPSBHF02706 SSRT100613 rev.1
HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03024266

Microsoft Security Bulletin MS12-006
Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
http://technet.microsoft.com/en-us/security/bulletin/ms12-006

HP Security Bulletin HPSBMU02759 SSRT100817
HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03263573

HP Security Bulletin HPSBMU02769 SSRT100846
HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151

Microsoft Security Bulletin MS12-049
Vulnerability in TLS Could Allow Information Disclosure (2655992)
http://technet.microsoft.com/en-us/security/bulletin/ms12-049

ISS X-Force
Transport Layer Security (TLS) handshake renegotiation weak security
http://www.iss.net/security_center/static/54158.php

CVE
CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555