
cannot log in to website (Error Message); transaction.cityofmerced.org.potentially vulnerable CVE-2009-3555
NEW Login Problem when attempting to pay Utility bill as I've normally done
The WEB site page then displays message: We apologize, the system is temporarily down.
Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox
My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555"
Java search yields the following:
Cyber Risk Report March 29–April 4, 2010
Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability
IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555
Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html
Will FireFox browser updates address this security problem???
URL of affected sites
http://transactions.cityofmerced.org/Click2GovCX/Index.jsp
User Agent
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo
All Replies (2)
That message is meant for webmasters to make them aware that they need to fix their servers. Firefox 3.6 versions can detect such a misconfiguration and display a warning in the "Tools > Error Console".
Thanks cor-el, I sent your answer on to the Webmaster.
I.E. still allows the negotiation of the (TLS) session and I mistook it to mean Firefox had fallen behind and was being refused access by the site.
You're saying because the Browser can detect such a misconfiguration that it won't accept the security risk of a misconfiguration at the site?
I appreciate your reply and explanation!! Bill Rogers