You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@servicemix.apache.org by "David M. Lee" <le...@yahoo.com> on 2009/11/16 16:41:50 UTC

CVE-2009-3555 - SSL/TLS man-in-the-middle attack.

Is ServiceMix vulnerable to the attack described in CVE-2009-3555?

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

A workaround has been committed for Jetty, but has not yet been released.
http://archive.codehaus.org/lists/org.codehaus.jetty.dev/msg/4AFCE87D.5020300@webtide.com
http://fisheye.codehaus.org/qsearch/jetty?q=cve-2009-3555

Thanks!
dave
<><