Penetration Testing mailing list archives
Re: MITM Tool for CVE-2009-3555
From: Richard Miles <richard.k.miles () googlemail com>
Date: Tue, 28 Sep 2010 18:08:51 -0500
Hi

Nice project. OVAL interpreter is a security scanner like nessus? Anyway I want to know a tool to exploit the issue, not to confirm if it's present.

Thanks

On Tue, Sep 28, 2010 at 1:23 PM, SD List <list () security-database com> wrote:
> Hi Richard
>
> You can rely on OVAL interpreter using these definitions
>
> oval:org.mitre.oval:def:8366, HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
> oval:org.mitre.oval:def:8535, HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
> oval:org.mitre.oval:def:7973, Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS)
> oval:org.mitre.oval:def:11578, Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
> oval:org.mitre.oval:def:10088, The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security
> oval:org.mitre.oval:def:7315, TLS/SSL Renegotiation Vulnerability
>
> See here the complete mapping
> http://www.security-database.com/detail.php?alert=CVE-2009-3555
>
> Kind Regards
> Nabil
> www.twitter.com/toolswatch
>
>> Any recommendations for a tool to test this?
>>
>> Thanks,
>> Richard

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------