CVE-2009-3555

CVSS V2: Medium 5.8 | CVSS V3: None
Description
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Overview
  • CVE ID: CVE-2009-3555
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2009-11-09T17:30:00
  • Last Modified Date: 2023-02-13T02:20:27
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | 1 | OR | | 2.2.14 |
| cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* | 1 | OR | | 2.8.5 |
| cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:* | 1 | OR | | 3.12.4 |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1 | OR | | 0.9.8k |
| cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* | 1 | OR | 0.1.0 | 0.8.22 |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 5.8
  • Severity: MEDIUM
  • Exploitability Score: 8.6
  • Impact Score: 4.9
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 07:24:23 | | | | Added to TrackCVE |
| 2023-02-02 19:02:37 | | 2023-02-02T17:16:43 | CVE Modified Date | updated |
| 2023-02-02 19:02:37 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 19:02:38 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | CVE-2009-3555 TLS: MITM attacks via session renegotiation | Description | updated |
| 2023-02-13 03:03:21 | | 2023-02-13T02:20:27 | CVE Modified Date | updated |
| 2023-02-13 03:03:22 | CVE-2009-3555 TLS: MITM attacks via session renegotiation | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | Description | updated |