I think this vulnerability has CVE# CVE-2009-3555.
Besides IPS (for which some vendors don't have signatures, as I was told the nature of
the detection logic is still rather lacking, though I don't know how Deep Security managed
to produce a signature for it in 2009), what are the ways to mitigate?
I was told web servers with ssl/openssl can be configured such that they are not vulnerable.
Kindly provide detailed steps on how to do this for Apache (& Oracle Web server) & IIS.
I was told modern browsers are protected against it: kindly let me know any specific settings
we need to set in IE, Firefox & Chrome to protect against this or is this something built into
L09 - SSL / TLS renegotiation vulnerability
The server encrypts traffic using SSL / TLS, but allows a client to renegotiate the connection after the initial handshake. As the server does not appear to limit the number of renegotiations for a single SSL / TLS connection, a client may open several simultaneous connections and repeatedly renegotiate them, which may possibly lead to a DoS condition.
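
The finding above is about a missing limit on renegotiations, so a detection-side check would count renegotiations per connection and per client. The following is an added example, not part of the original post or of any product mentioned in it; the event format, sample data and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, client_ip, connection_id, event).
# This tuple format is an assumption for the example, not a real server log format.
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", "c1", "handshake"),   # initial handshake
    (0.1, "198.51.100.7", "c2", "handshake"),   # initial handshake
    (0.5, "203.0.113.9", "c3", "handshake"),    # initial handshake
    (1.0, "198.51.100.7", "c1", "handshake"),   # renegotiation
    (1.2, "198.51.100.7", "c2", "handshake"),
    (1.5, "198.51.100.7", "c1", "handshake"),
    (1.8, "198.51.100.7", "c2", "handshake"),
    (2.0, "198.51.100.7", "c1", "handshake"),
    (30.0, "203.0.113.9", "c3", "handshake"),   # a single renegotiation
]

def find_renegotiation_abuse(events, per_conn_limit=2, per_client_limit=4, window=10.0):
    """Return (connections, clients) that exceed a renegotiation budget.

    The first handshake seen on a connection id is the initial handshake;
    every later handshake on that id counts as a renegotiation. Counts are
    kept in a sliding window of `window` seconds, per connection and per
    client IP, so a client spreading renegotiations across several
    simultaneous connections is still caught by the per-client budget.
    """
    seen = set()
    conn_times = defaultdict(deque)
    client_times = defaultdict(deque)
    bad_conns, bad_clients = set(), set()
    for ts, ip, conn, event in sorted(events):
        if event != "handshake":
            continue
        if conn not in seen:          # initial handshake, not a renegotiation
            seen.add(conn)
            continue
        for key, times, limit, flagged in (
            (conn, conn_times[conn], per_conn_limit, bad_conns),
            (ip, client_times[ip], per_client_limit, bad_clients),
        ):
            times.append(ts)
            while times and ts - times[0] > window:   # drop events outside the window
                times.popleft()
            if len(times) > limit:
                flagged.add(key)
    return bad_conns, bad_clients
```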