Microsoft Windows TLS/SSL Spoofing Vulnerability (977377) Network Vulnerability

Summary

This host installed with TLS/SSL protocol which is prone to Spoofing Vulnerability

Impact

Successful exploitation could allow remote attackers to prepend content into a legitimate, client-initiated request to a server in the context of a valid TLS/SSL-authenticated session. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/advisory/977377.mspx

Insight

The flaw is due to an error in TLS/SSL, allows a malicious man-in-the-middle attack to introduce and execute a request in the protected TLS/SSL session between a client and a server.

Affected

Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2000 Service Pack 4 and prior Microsoft Windows 2003 Service Pack 2 and prior

References

http://support.microsoft.com/kb/977377
http://www.microsoft.com/technet/security/advisory/977377.mspx
http://www.vupen.com/english/advisories/2010/0349

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3555

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Microsoft ASP.NET Cross-Site Scripting vulnerability
Opera remote location object cross-domain scripting vulnerability
Microsoft .NET Framework Security Bypass Vulnerability
Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)

Take action and discover your vulnerabilities