Regarding the vuln "TLS / SSL Man-In-The-Middle Renegotiation Vulnerability", Foundstone does not present a recommendation in the vuln details.
However we have been applying multiple vendor patches that do fix the issue, and Foundstone Scans recognize that the vuln as been fixed.
Therefore I would suggest the Vuln recommendation to be a little different. Since it may lead to confusion, instead of suggesting contacting each vendor (that uses SSL) for a patch.
Could you tell me the patch applied on your vulnerable systems?, because I installed the patch mentioned in Foundstone report, but the vulnerability still continues. I have WinServer 2003 SP2, and HP System Management Homepage in the vulnerable system only. Can you help me?, please!
JumercadoEl mensaje fue editado por: jumercado on 7/12/09 09:59:49 AM CST
I went back to my R&D team and we are having trouble locating any patches for this vulnerability. Can you list out a few that you found so we can try and get this resolved?
The patch mentioned in Foundstone report for HP System Management Homepage, is upgrade to version 22.214.171.124 released by manufacturer.