topic Re: TLS Session Renegotiation Vulnerability in Network Security https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/3731824#M343474 <P>I believe the CVE is CVE-2009-3555</P> Wed, 24 Oct 2018 15:44:40 GMT mersnetadmin 2018-10-24T15:44:40Z TLS Session Renegotiation Vulnerability https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/2313961#M343470 <P>Hi Team,</P><P></P><P>We are trying to scan the ASA firewall and getting the below error. Is there any way to resolve this issue? Please sugget.</P><P></P><P></P><P>We did a security scan of Internal firewall and found one issue - "TLS </P><P>Session Renegotiation Vulnerability"</P><P><BR style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 14px; background-color: #ffffff;" /></P><P>The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does </P><P>not properly associate renegotiation handshakes with an existing </P><P>connection, which allows man-in-the-middle attackers to insert data into </P><P>HTTPS sessions, and possibly other types of sessions protected by TLS or </P><P>SSL, by sending an unauthenticated request that is processed </P><P>retroactively by a server in a post-renegotiation context, related to a </P><P>"plaintext injection" attack</P> Tue, 12 Mar 2019 02:34:29 GMT https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/2313961#M343470 Krishna Kumar konduri 2019-03-12T02:34:29Z TLS Session Renegotiation Vulnerability https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/2313962#M343473 <HTML><HEAD></HEAD><BODY><P>It would be easier to search for a solution if theres a CVE ID available.</P><P>Perhaps it's solved with Interim 9.1.2?</P><P></P><P>Michael <BR /> <BR />Please rate all helpful posts</P></BODY></HTML> Fri, 06 Sep 2013 13:08:04 GMT https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/2313962#M343473 Michael Muenz 2013-09-06T13:08:04Z Re: TLS Session Renegotiation Vulnerability https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/3731824#M343474 <P>I believe the CVE is CVE-2009-3555</P> Wed, 24 Oct 2018 15:44:40 GMT https://community.cisco.com/t5/network-security/tls-session-renegotiation-vulnerability/m-p/3731824#M343474 mersnetadmin 2018-10-24T15:44:40Z