- Home
- CVEs with nessus.description==Pound, a HTTP reverse proxy and load balancer, had several issues
related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.
For Debian 7 (wheezy) this update adds a missing part to make it
actually possible to disable client-initiated renegotiation and
disables it by default (CVE-2009-3555 ). TLS compression is disabled
(CVE-2012-4929 ), although this is normally already disabled by the
OpenSSL system library. Finally it adds the ability to disable the
SSLv3 protocol (CVE-2014-3566 ) entirely via the new 'DisableSSLv3'
configuration directive, although it will not disabled by default in
this update. Additionally a non-security sensitive issue in redirect
encoding is addressed.
For Debian 8 (jessie) these issues have been fixed prior to the
release, with the exception of client-initiated renegotiation
(CVE-2009-3555 ). This update addresses that issue for jessie.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top