1326736 – qpid-cpp: SSL Broker vulnerable to RC4 and Secure Client-Initiated Renegotiation (CVE-2009-3555)

Bug 1326736 - qpid-cpp: SSL Broker vulnerable to RC4 and Secure Client-Initiated Renegotiation (CVE-2009-3555)

Summary: qpid-cpp: SSL Broker vulnerable to RC4 and Secure Client-Initiated Renegotiat...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1325804
Blocks:	1326743
TreeView+	depends on / blocked

Reported:	2016-04-13 11:57 UTC by Adam Mariš
Modified:	2021-10-21 00:51 UTC (History)
CC List:	26 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 00:51:47 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adam Mariš 2016-04-13 11:57:55 UTC

It was reported that Qpid SSL broker is vulnerable to RC4 and Secure Client-Initiated Renegotiation.

Product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1325804

Comment 1 Adam Mariš 2016-04-13 11:58:11 UTC

Acknowledgments:

Name: Petr Matousek (Red Hat)

Note You need to log in before you can comment on or make changes to this bug.

abaron
apevec
bhu
bkearney
cbillett
chrisw
dallan
gkotton
iboverma
jmatthew
jross
jschluet
lhh
lpeer
markmc
mcressma
mmccune
ohadlevy
rbryant
rrajasek
sclewis
security-response-team
tdecacqu
tlestach
tsanders
williams