
List:       pen-test
Subject:    Re: MITM Tool for CVE-2009-3555
From:       Richard Miles <richard.k.miles () googlemail ! com>
Date:       2010-09-28 23:08:51
Message-ID: AANLkTimTx5uVFM7qJk0XYFvA6zdCjFUF8=PncBU62z+N () mail ! gmail ! com

Hi

Nice project. Is the OVAL interpreter a security scanner like Nessus?

Anyway, I want to know of a tool to exploit the issue, not to confirm if
it's present.

Thanks

On Tue, Sep 28, 2010 at 1:23 PM, SD List <list@security-database.com> wrote:
> Hi Richard
> 
> You can rely on OVAL interpreter using these definitions
> 
> oval:org.mitre.oval:def:8366, HP-UX Running Apache, Remote Unauthorized
> Data Injection, Denial of Service (DoS)
> oval:org.mitre.oval:def:8535, HP-UX Running OpenSSL, Remote Unauthorized
> Data Injection, Denial of Service (DoS)
> oval:org.mitre.oval:def:7973, Security Vulnerability in the Transport
> Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
> Involving Handshake Renegotiation Affects Applications Utilizing Network
> Security Services (NSS)
> oval:org.mitre.oval:def:11578, Security Vulnerability in the Transport
> Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
> Involving Handshake Renegotiation Affects OpenSSL
> oval:org.mitre.oval:def:10088, The TLS protocol, and the SSL protocol 3.0
> and possibly earlier, as used in Microsoft Internet Information Services
> (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL
> before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security
> oval:org.mitre.oval:def:7315, TLS/SSL Renegotiation Vulnerability
> 
> See here the complete mapping
> http://www.security-database.com/detail.php?alert=CVE-2009-3555
> 
> Kind Regards
> 
> Nabil
> www.twitter.com/toolswatch
> 
> 
> 
> > Any recommendations for a tool to test this?
> > 
> > Thanks,
> > Richard
> > 
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> > 
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > full practical examination in order to become certified.
> > 
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
> > 
> > 
> 
> 
> 
