TLS1/SSLv3 Renegotiation Vulnerability

Description

A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.

Remediation

Users should contact vendors for specific patch information.

References
Severity
Tags
  • CSRF