{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<UL> <LI>OpenSSL versions earlier than 0.9.8l;</LI> <LI>Sun Java Enterprise System Suite (see the Sun security bulletin of 11 January 2010);</LI> <LI>IBM WebSphere DataPower SOA appliances (see the IBM security bulletin of 11 January 2010);</LI> <LI>multiple IBM implementations of SSL/TLS (see the IBM security bulletin of 13 January 2010).</LI> </UL> <P>Other implementations of the protocol are probably affected, as are applications that use OpenSSL.</P>","content":"## Description\n\nA vulnerability has been identified in the SSL/TLS protocol during session\nrenegotiation. A person who has first placed themselves in a\nman-in-the-middle position can, under certain circumstances, inject data\nagainst a user, for example to force an HTTP request to be sent to the\nserver the victim is connecting to.\n\n## Solution\n\nOpenSSL version 0.9.8l disables session renegotiation by default.\n","cves":[{"name":"CVE-2009-3555","url":"https://www.cve.org/CVERecord?id=CVE-2009-3555"},{"name":"CVE-2009-3245","url":"https://www.cve.org/CVERecord?id=CVE-2009-3245"}],"links":[{"title":"IBM security bulletin of 27 January 2010 for IBM WebSphere:","url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025719"},{"title":"RedHat security bulletins RHSA-2010:0162 to 0167 of 25 March 2010:","url":"http://rhn.redhat.com/errata/RHSA-2010-0162.html"},{"title":"Sun security bulletin of 19 November 2009:","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"},{"title":"HP security bulletin c01945686 of 12 December 2009
:","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Documents.jsp?objectID=c01945686"},{"title":"Bluecoat security bulletin SA44 of 23 February 2010:","url":"http://kb.bluecoat.com/index?page=content&id=SA44"},{"title":"RedHat security bulletins RHSA-2010:0162 to 0167 of 25 March 2010:","url":"http://rhn.redhat.com/errata/RHSA-2010-0164.html"},{"title":"Cisco security bulletin cisco-sa-20091109-tls of 26 February 2010:","url":"http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"},{"title":"OpenSSL update:","url":"http://www.openssl.org/source/"},{"title":"IBM security bulletin of 25 November 2010 for IBM WebSphere MQ:","url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386"},{"title":"Microsoft security bulletin MS10-049 of 10 August 2010:","url":"http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx"},{"title":"IBM security bulletin of 13 January 2010:","url":"http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e"},{"title":"RedHat security bulletin RHSA-2010:0173 of 25 March 2010:","url":"http://rhn.redhat.com/errata/RHSA-2010-0173.html"},{"title":"Microsoft security bulletin MS10-049 of 10 August 2010:","url":"http://www.microsoft.com/france/technet/security/Bulletin/MS10-049.mspx"},{"title":"ProFTPd 1.3.2c release notes:","url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"},{"title":"RedHat security bulletins RHSA-2009:1579 and 1580 of 11 November 2009:","url":"http://rhn.redhat.com/errata/RHSA-2009-1580.html"},{"title":"Fedora security bulletins FEDORA-2009-12750, 12775 and 12782 of 07 December 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00449.html"},{"title":"RedHat security bulletins RHSA-2010:0162 to 0167 of 25 March 2010
:","url":"http://rhn.redhat.com/errata/RHSA-2010-0165.html"},{"title":"SUSE security bulletin SUSE-SA:2009:057 of 18 November 2009:","url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"},{"title":"Gentoo security bulletin GLSA-200912-01 of 02 December 2009:","url":"http://www.gentoo.org/security/en/glsa/glsa-200912-01.xml"},{"title":"Apple security bulletin HT4004 of 19 January 2010:","url":"http://support.apple.com/kb/HT4004"},{"title":"Fedora security bulletins FEDORA-2009-12229 and 12305 of 27 November 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg01029.html"},{"title":"Fedora security bulletins FEDORA-2009-12229 and 12305 of 27 November 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg01020.html"},{"title":"HP security bulletin c02171256 of 17 May 2010:","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Documents.jsp?objectID=c02171256"},{"title":"Fedora security bulletins FEDORA-2009-12604 and 12606 of 04 December 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00944.html"},{"title":"Fedora security bulletins FEDORA-2009-12750, 12775 and 12782 of 07 December 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00428.html"},{"title":"Cisco security bulletin cisco-sa-20091109-tls of 22 July 2010:","url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"},{"title":"IBM security bulletin of 22 January 2010 for IBM WebSphere:","url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025718"},{"title":"OpenBSD security bulletins of 26 November 2009:","url":"http://openbsd.org/errata45.html#010_openssl"},{"title":"RedHat security bulletins RHSA-2010:0162 to 0167 of 25 March 2010:","url":"http://rhn.redhat.com/errata/RHSA-2010-0166.html"},{"title":"Debian security bulletin DSA 1934 of 16 November 2009:","url":"http://www.debian.org/security/2009/dsa-1934"},{"title":"RedHat security bulletins RHSA-2009:1579 and 1580 of 11 November 2009:","url":"http://rhn.redhat.com/errata/RHSA-2009-1579.html"},{"title":"RedHat security bulletins RHSA-2010:0162 to 0167 of 25 March 2010:","url":"http://rhn.redhat.com/errata/RHSA-2010-0167.html"},{"title":"IBM security bulletin of 11 January 2010:","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21390112"},{"title":"RedHat security bulletins RHSA-2010:0162 to 0167 of 25 March 2010:","url":"http://rhn.redhat.com/errata/RHSA-2010-0163.html"},{"title":"Fedora security bulletins FEDORA-2009-12750, 12775 and 12782 of 07 December 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00442.html"},{"title":"Fedora security bulletins FEDORA-2009-12604 and 12606 of 04 December 2009:","url":"https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00645.html"},{"title":"Sun security bulletin of 11 January 2010:","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"},{"title":"OpenBSD security bulletins of 26 November 2009:","url":"http://openbsd.org/errata46.html#004_openssl"}],"reference":"CERTA-2009-AVI-482","revisions":[{"description":"initial version.","revision_date":"2009-11-06T00:00:00.000000"},{"description":"added the Sun security bulletin of 19 November 2009.","revision_date":"2009-11-27T00:00:00.000000"},{"description":"added the Sun security bulletin of 11 January 2010.","revision_date":"2010-01-11T00:00:00.000000"},{"description":"added the IBM security bulletin of 11 January 
2010.","revision_date":"2010-01-13T00:00:00.000000"},{"description":"added the IBM security bulletin of 13 January 2010.","revision_date":"2010-01-14T00:00:00.000000"},{"description":"added the IBM security bulletins of 22 and 27 January 2010.","revision_date":"2010-01-27T00:00:00.000000"},{"description":"added the Apple, Bluecoat, Cisco, Debian, Fedora, Gentoo, OpenBSD, ProFTPd, RedHat and Suse security bulletins.","revision_date":"2010-03-04T00:00:00.000000"},{"description":"added the RedHat security bulletins and the reference CVE-2009-3245.","revision_date":"2010-03-26T00:00:00.000000"},{"description":"added the HP security bulletins.","revision_date":"2010-05-19T00:00:00.000000"},{"description":"added the Cisco bulletin.","revision_date":"2010-07-29T00:00:00.000000"},{"description":"added the Microsoft bulletin.","revision_date":"2010-08-11T00:00:00.000000"},{"description":"added the IBM WebSphere MQ bulletin.","revision_date":"2010-11-29T00:00:00.000000"}],"risks":[{"description":"Security policy bypass"}],"summary":"A vulnerability in the SSL/TLS protocol allows a malicious person to\nbypass the security policy.\n","title":"SSL/TLS protocol vulnerability","vendor_advisories":[]}
