Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

cannot log in to website (Error Message); transaction.cityofmerced.org.potentially vulnerable CVE-2009-3555

  • 2 antwoorden
  • 0 hebben dit probleem
  • 4 weergaven
  • Laatste antwoord van cor-el

AnonymousUser
AnonymousUser
more options

NEW Login Problem when attempting to pay Utility bill as I've normally done

The WEB site page then displays message: We apologize, the system is temporarily down.

Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox

My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555"

Jave search yields the following

Cyber Risk Report March 29–April 4, 2010 

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555

Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html

Will FireFox browser updates address this security problem???

URL of affected sites

http://transactions.cityofmerced.org/Click2GovCX/Index.jsp

User Agent

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo796804586903 887809903

NEW Login Problem when attempting to pay Utility bill as I've normally done -------------------------------------- The WEB site page then displays message: We apologize, the system is temporarily down. Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox --------------------- My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555" --------------------- Jave search yields the following --------------------- Cyber Risk Report March 29–April 4, 2010 Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555 Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html --------------------------------------------------- Will FireFox browser updates address this security problem??? == URL of affected sites == http://transactions.cityofmerced.org/Click2GovCX/Index.jsp == User Agent == Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo796804586903 887809903

Alle antwoorden (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

That message is meant for webmasters to make them aware that they need to fix their servers. Firefox 3.6 versions can detect such a misconfiguration and displays a warning in the "Tools > Error Console".

See https://wiki.mozilla.org/Security:Renegotiation

AnonymousUser
AnonymousUser Vraageigenaar
more options

Thanks cor-el, I sent your answer on to the Webmaster.

I.E. still allows the negotiation of the (TLS) session and I mistook it to mean Firefox had fallen behind and was being refused access by the site.

You're saying because the Browser can detect such a misconfiguration that it won't accept the security risk of a misconfiguration at the site?

I appreciate your reply and explanation!! Bill Rogers