Release date:
Updated on:
Affected Systems:
Sun SDK
VMWare VirtualCenter
HP System Management Homepage
IBM Java
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49778
Cve id: CVE-2011-3389
SSL (Secure Socket Layer) is developed by Netscape to ensure the security of data transmission over the Internet, it ensures that data is not intercepted or eavesdropped during network transmission. Secure transport layer (TLS) is used to provide confidentiality and data integrity between two communication applications.
SSL and TLS protocols have the information leakage vulnerability. Man-in-the-middle attackers can exploit this vulnerability to decrypt communications and cause information leakage.
<* Source: Thai Duong
Juliano Rizzo
Link: http://www.securityfocus.com/bid/49778/references
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ers.ibm.com/