Discover Server Security News
Multiple Apache Web Server Flaws Patched
"Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses CVE-2009-3555, the TLS renegotiation prefix injection attack," Apache noted in a mailing list announcement.
The SSL TLS renegotiation vulnerability might have made it possible for a man-in-the middle attack, potentially leading to SSL-protected sites facing the risk of being spoofed by malicious SSL/TLS credentials.
The link for this article located at ServerWatch is no longer available.