TLS1/SSLv3 Renegotiation Vulnerability

  • A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. This issue affects SSL version 3.0 and TLS version 1.0.
  • Users should contact vendors for specific patch information.