CVE - CVE-2009-3555

CVE-ID
CVE-2009-3555	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021653 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1~~ (Obsolete source) MISC:1021752 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1~~ (Obsolete source) MISC:1023148 URL:http://securitytracker.com/id?1023148 MISC:1023163 URL:http://www.securitytracker.com/id?1023163 MISC:1023204 URL:http://www.securitytracker.com/id?1023204 MISC:1023205 URL:http://www.securitytracker.com/id?1023205 MISC:1023206 URL:http://www.securitytracker.com/id?1023206 MISC:1023207 URL:http://www.securitytracker.com/id?1023207 MISC:1023208 URL:http://www.securitytracker.com/id?1023208 MISC:1023209 URL:http://www.securitytracker.com/id?1023209 MISC:1023210 URL:http://www.securitytracker.com/id?1023210 MISC:1023211 URL:http://www.securitytracker.com/id?1023211 MISC:1023212 URL:http://www.securitytracker.com/id?1023212 MISC:1023213 URL:http://www.securitytracker.com/id?1023213 MISC:1023214 URL:http://www.securitytracker.com/id?1023214 MISC:1023215 URL:http://www.securitytracker.com/id?1023215 MISC:1023216 URL:http://www.securitytracker.com/id?1023216 MISC:1023217 URL:http://www.securitytracker.com/id?1023217 MISC:1023218 URL:http://www.securitytracker.com/id?1023218 MISC:1023219 URL:http://www.securitytracker.com/id?1023219 MISC:1023224 URL:http://www.securitytracker.com/id?1023224 MISC:1023243 URL:http://www.securitytracker.com/id?1023243 MISC:1023270 URL:http://www.securitytracker.com/id?1023270 MISC:1023271 URL:http://www.securitytracker.com/id?1023271 MISC:1023272 URL:http://www.securitytracker.com/id?1023272 MISC:1023273 URL:http://www.securitytracker.com/id?1023273 MISC:1023274 URL:http://www.securitytracker.com/id?1023274 MISC:1023275 URL:http://www.securitytracker.com/id?1023275 MISC:1023411 URL:http://www.securitytracker.com/id?1023411 MISC:1023426 URL:http://www.securitytracker.com/id?1023426 MISC:1023427 URL:http://www.securitytracker.com/id?1023427 MISC:1023428 URL:http://www.securitytracker.com/id?1023428 MISC:1024789 URL:http://www.securitytracker.com/id?1024789 MISC:20091109 Transport Layer Security Renegotiation Vulnerability URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml MISC:20091111 Re: SSL/TLS MiTM PoC URL:http://seclists.org/fulldisclosure/2009/Nov/139 MISC:20091118 TLS / SSLv3 vulnerability explained (DRAFT) URL:http://www.securityfocus.com/archive/1/507952/100/0/threaded MISC:20091124 rPSA-2009-0155-1 httpd mod_ssl URL:http://www.securityfocus.com/archive/1/508075/100/0/threaded MISC:20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) URL:http://www.securityfocus.com/archive/1/508130/100/0/threaded MISC:20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console URL:http://www.securityfocus.com/archive/1/515055/100/0/threaded MISC:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded MISC:20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities URL:http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html MISC:273029 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1~~ (Obsolete source) MISC:273350 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1~~ (Obsolete source) MISC:274990 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1~~ (Obsolete source) MISC:36935 URL:http://www.securityfocus.com/bid/36935 MISC:37291 URL:http://secunia.com/advisories/37291 MISC:37292 URL:http://secunia.com/advisories/37292 MISC:37320 URL:http://secunia.com/advisories/37320 MISC:37383 URL:http://secunia.com/advisories/37383 MISC:37399 URL:http://secunia.com/advisories/37399 MISC:37453 URL:http://secunia.com/advisories/37453 MISC:37501 URL:http://secunia.com/advisories/37501 MISC:37504 URL:http://secunia.com/advisories/37504 MISC:37604 URL:http://secunia.com/advisories/37604 MISC:37640 URL:http://secunia.com/advisories/37640 MISC:37656 URL:http://secunia.com/advisories/37656 MISC:37675 URL:http://secunia.com/advisories/37675 MISC:37859 URL:http://secunia.com/advisories/37859 MISC:38003 URL:http://secunia.com/advisories/38003 MISC:38020 URL:http://secunia.com/advisories/38020 MISC:38056 URL:http://secunia.com/advisories/38056 MISC:38241 URL:http://secunia.com/advisories/38241 MISC:38484 URL:http://secunia.com/advisories/38484 MISC:38687 URL:http://secunia.com/advisories/38687 MISC:38781 URL:http://secunia.com/advisories/38781 MISC:39127 URL:http://secunia.com/advisories/39127 MISC:39136 URL:http://secunia.com/advisories/39136 MISC:39242 URL:http://secunia.com/advisories/39242 MISC:39243 URL:http://secunia.com/advisories/39243 MISC:39278 URL:http://secunia.com/advisories/39278 MISC:39292 URL:http://secunia.com/advisories/39292 MISC:39317 URL:http://secunia.com/advisories/39317 MISC:39461 URL:http://secunia.com/advisories/39461 MISC:39500 URL:http://secunia.com/advisories/39500 MISC:39628 URL:http://secunia.com/advisories/39628 MISC:39632 URL:http://secunia.com/advisories/39632 MISC:39713 URL:http://secunia.com/advisories/39713 MISC:39819 URL:http://secunia.com/advisories/39819 MISC:40070 URL:http://secunia.com/advisories/40070 MISC:40545 URL:http://secunia.com/advisories/40545 MISC:40747 URL:http://secunia.com/advisories/40747 MISC:40866 URL:http://secunia.com/advisories/40866 MISC:41480 URL:http://secunia.com/advisories/41480 MISC:41490 URL:http://secunia.com/advisories/41490 MISC:41818 URL:http://secunia.com/advisories/41818 MISC:41967 URL:http://secunia.com/advisories/41967 MISC:41972 URL:http://secunia.com/advisories/41972 MISC:42377 URL:http://secunia.com/advisories/42377 MISC:42379 URL:http://secunia.com/advisories/42379 MISC:42467 URL:http://secunia.com/advisories/42467 MISC:42724 URL:http://secunia.com/advisories/42724 MISC:42733 URL:http://secunia.com/advisories/42733 MISC:42808 URL:http://secunia.com/advisories/42808 MISC:42811 URL:http://secunia.com/advisories/42811 MISC:42816 URL:http://secunia.com/advisories/42816 MISC:43308 URL:http://secunia.com/advisories/43308 MISC:44183 URL:http://secunia.com/advisories/44183 MISC:44954 URL:http://secunia.com/advisories/44954 MISC:48577 URL:http://secunia.com/advisories/48577 MISC:60521 URL:~~http://osvdb.org/60521~~ (Obsolete source) MISC:60972 URL:~~http://osvdb.org/60972~~ (Obsolete source) MISC:62210 URL:~~http://osvdb.org/62210~~ (Obsolete source) MISC:65202 URL:~~http://osvdb.org/65202~~ (Obsolete source) MISC:ADV-2009-3164 URL:~~http://www.vupen.com/english/advisories/2009/3164~~ (Obsolete source) MISC:ADV-2009-3165 URL:~~http://www.vupen.com/english/advisories/2009/3165~~ (Obsolete source) MISC:ADV-2009-3205 URL:~~http://www.vupen.com/english/advisories/2009/3205~~ (Obsolete source) MISC:ADV-2009-3220 URL:~~http://www.vupen.com/english/advisories/2009/3220~~ (Obsolete source) MISC:ADV-2009-3310 URL:~~http://www.vupen.com/english/advisories/2009/3310~~ (Obsolete source) MISC:ADV-2009-3313 URL:~~http://www.vupen.com/english/advisories/2009/3313~~ (Obsolete source) MISC:ADV-2009-3353 URL:~~http://www.vupen.com/english/advisories/2009/3353~~ (Obsolete source) MISC:ADV-2009-3354 URL:~~http://www.vupen.com/english/advisories/2009/3354~~ (Obsolete source) MISC:ADV-2009-3484 URL:~~http://www.vupen.com/english/advisories/2009/3484~~ (Obsolete source) MISC:ADV-2009-3521 URL:~~http://www.vupen.com/english/advisories/2009/3521~~ (Obsolete source) MISC:ADV-2009-3587 URL:~~http://www.vupen.com/english/advisories/2009/3587~~ (Obsolete source) MISC:ADV-2010-0086 URL:~~http://www.vupen.com/english/advisories/2010/0086~~ (Obsolete source) MISC:ADV-2010-0173 URL:~~http://www.vupen.com/english/advisories/2010/0173~~ (Obsolete source) MISC:ADV-2010-0748 URL:~~http://www.vupen.com/english/advisories/2010/0748~~ (Obsolete source) MISC:ADV-2010-0848 URL:~~http://www.vupen.com/english/advisories/2010/0848~~ (Obsolete source) MISC:ADV-2010-0916 URL:~~http://www.vupen.com/english/advisories/2010/0916~~ (Obsolete source) MISC:ADV-2010-0933 URL:~~http://www.vupen.com/english/advisories/2010/0933~~ (Obsolete source) MISC:ADV-2010-0982 URL:~~http://www.vupen.com/english/advisories/2010/0982~~ (Obsolete source) MISC:ADV-2010-0994 URL:~~http://www.vupen.com/english/advisories/2010/0994~~ (Obsolete source) MISC:ADV-2010-1054 URL:~~http://www.vupen.com/english/advisories/2010/1054~~ (Obsolete source) MISC:ADV-2010-1107 URL:~~http://www.vupen.com/english/advisories/2010/1107~~ (Obsolete source) MISC:ADV-2010-1191 URL:~~http://www.vupen.com/english/advisories/2010/1191~~ (Obsolete source) MISC:ADV-2010-1350 URL:~~http://www.vupen.com/english/advisories/2010/1350~~ (Obsolete source) MISC:ADV-2010-1639 URL:~~http://www.vupen.com/english/advisories/2010/1639~~ (Obsolete source) MISC:ADV-2010-1673 URL:~~http://www.vupen.com/english/advisories/2010/1673~~ (Obsolete source) MISC:ADV-2010-1793 URL:~~http://www.vupen.com/english/advisories/2010/1793~~ (Obsolete source) MISC:ADV-2010-2010 URL:~~http://www.vupen.com/english/advisories/2010/2010~~ (Obsolete source) MISC:ADV-2010-2745 URL:~~http://www.vupen.com/english/advisories/2010/2745~~ (Obsolete source) MISC:ADV-2010-3069 URL:~~http://www.vupen.com/english/advisories/2010/3069~~ (Obsolete source) MISC:ADV-2010-3086 URL:~~http://www.vupen.com/english/advisories/2010/3086~~ (Obsolete source) MISC:ADV-2010-3126 URL:~~http://www.vupen.com/english/advisories/2010/3126~~ (Obsolete source) MISC:ADV-2011-0032 URL:~~http://www.vupen.com/english/advisories/2011/0032~~ (Obsolete source) MISC:ADV-2011-0033 URL:~~http://www.vupen.com/english/advisories/2011/0033~~ (Obsolete source) MISC:ADV-2011-0086 URL:~~http://www.vupen.com/english/advisories/2011/0086~~ (Obsolete source) MISC:APPLE-SA-2010-01-19-1 URL:http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html MISC:APPLE-SA-2010-05-18-1 URL:http://lists.apple.com/archives/security-announce/2010//May/msg00001.html MISC:APPLE-SA-2010-05-18-2 URL:http://lists.apple.com/archives/security-announce/2010//May/msg00002.html MISC:DSA-1934 URL:http://www.debian.org/security/2009/dsa-1934 MISC:DSA-2141 URL:http://www.debian.org/security/2011/dsa-2141 MISC:DSA-3253 URL:http://www.debian.org/security/2015/dsa-3253 MISC:FEDORA-2009-12229 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html MISC:FEDORA-2009-12305 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html MISC:FEDORA-2009-12604 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html MISC:FEDORA-2009-12606 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html MISC:FEDORA-2009-12750 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html MISC:FEDORA-2009-12775 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html MISC:FEDORA-2009-12782 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html MISC:FEDORA-2009-12968 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html MISC:FEDORA-2010-16240 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html MISC:FEDORA-2010-16294 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html MISC:FEDORA-2010-16312 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html MISC:FEDORA-2010-5357 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html MISC:FEDORA-2010-5942 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html MISC:FEDORA-2010-6131 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html MISC:GLSA-200912-01 URL:http://security.gentoo.org/glsa/glsa-200912-01.xml MISC:GLSA-201203-22 URL:http://security.gentoo.org/glsa/glsa-201203-22.xml MISC:GLSA-201406-32 URL:http://security.gentoo.org/glsa/glsa-201406-32.xml MISC:HPSBGN02562 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 MISC:HPSBHF02706 URL:http://marc.info/?l=bugtraq&m=132077688910227&w=2 MISC:HPSBHF03293 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 MISC:HPSBMA02534 URL:http://marc.info/?l=bugtraq&m=127419602507642&w=2 MISC:HPSBMA02547 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 MISC:HPSBMA02568 URL:http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 MISC:HPSBMU02759 URL:http://www.securityfocus.com/archive/1/522176 MISC:HPSBMU02799 URL:http://marc.info/?l=bugtraq&m=134254866602253&w=2 MISC:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:HPSBOV02762 URL:http://marc.info/?l=bugtraq&m=133469267822771&w=2 MISC:HPSBUX02482 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 MISC:HPSBUX02498 URL:http://marc.info/?l=bugtraq&m=126150535619567&w=2 MISC:HPSBUX02517 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 MISC:HPSBUX02524 URL:http://marc.info/?l=bugtraq&m=127557596201693&w=2 MISC:IC67848 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 MISC:IC68054 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 MISC:IC68055 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 MISC:MDVSA-2010:076 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:076~~ (Obsolete source) MISC:MDVSA-2010:084 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:084~~ (Obsolete source) MISC:MDVSA-2010:089 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:089~~ (Obsolete source) MISC:MS10-049 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 MISC:PM00675 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only MISC:PM12247 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 MISC:RHSA-2010:0119 URL:http://www.redhat.com/support/errata/RHSA-2010-0119.html MISC:RHSA-2010:0130 URL:http://www.redhat.com/support/errata/RHSA-2010-0130.html MISC:RHSA-2010:0155 URL:http://www.redhat.com/support/errata/RHSA-2010-0155.html MISC:RHSA-2010:0165 URL:http://www.redhat.com/support/errata/RHSA-2010-0165.html MISC:RHSA-2010:0167 URL:http://www.redhat.com/support/errata/RHSA-2010-0167.html MISC:RHSA-2010:0337 URL:http://www.redhat.com/support/errata/RHSA-2010-0337.html MISC:RHSA-2010:0338 URL:http://www.redhat.com/support/errata/RHSA-2010-0338.html MISC:RHSA-2010:0339 URL:http://www.redhat.com/support/errata/RHSA-2010-0339.html MISC:RHSA-2010:0768 URL:http://www.redhat.com/support/errata/RHSA-2010-0768.html MISC:RHSA-2010:0770 URL:http://www.redhat.com/support/errata/RHSA-2010-0770.html MISC:RHSA-2010:0786 URL:http://www.redhat.com/support/errata/RHSA-2010-0786.html MISC:RHSA-2010:0807 URL:http://www.redhat.com/support/errata/RHSA-2010-0807.html MISC:RHSA-2010:0865 URL:http://www.redhat.com/support/errata/RHSA-2010-0865.html MISC:RHSA-2010:0986 URL:http://www.redhat.com/support/errata/RHSA-2010-0986.html MISC:RHSA-2010:0987 URL:http://www.redhat.com/support/errata/RHSA-2010-0987.html MISC:RHSA-2011:0880 URL:http://www.redhat.com/support/errata/RHSA-2011-0880.html MISC:SSA:2009-320-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 MISC:SSRT090180 URL:http://marc.info/?l=bugtraq&m=127419602507642&w=2 MISC:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:SSRT090249 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 MISC:SSRT090264 URL:http://marc.info/?l=bugtraq&m=126150535619567&w=2 MISC:SSRT100058 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 MISC:SSRT100089 URL:http://marc.info/?l=bugtraq&m=127557596201693&w=2 MISC:SSRT100179 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 MISC:SSRT100219 URL:http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 MISC:SSRT100613 URL:http://marc.info/?l=bugtraq&m=132077688910227&w=2 MISC:SSRT100817 URL:http://www.securityfocus.com/archive/1/522176 MISC:SSRT100825 URL:http://marc.info/?l=bugtraq&m=133469267822771&w=2 MISC:SSRT101846 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 MISC:SUSE-SA:2009:057 URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html MISC:SUSE-SA:2010:061 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html MISC:SUSE-SR:2010:008 URL:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html MISC:SUSE-SR:2010:011 URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html MISC:SUSE-SR:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html MISC:SUSE-SR:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html MISC:SUSE-SR:2010:019 URL:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html MISC:SUSE-SR:2010:024 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html MISC:SUSE-SU-2011:0847 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html MISC:TA10-222A URL:http://www.us-cert.gov/cas/techalerts/TA10-222A.html MISC:TA10-287A URL:http://www.us-cert.gov/cas/techalerts/TA10-287A.html MISC:USN-1010-1 URL:http://www.ubuntu.com/usn/USN-1010-1 MISC:USN-923-1 URL:http://ubuntu.com/usn/usn-923-1 MISC:USN-927-1 URL:http://www.ubuntu.com/usn/USN-927-1 MISC:USN-927-4 URL:http://www.ubuntu.com/usn/USN-927-4 MISC:USN-927-5 URL:http://www.ubuntu.com/usn/USN-927-5 MISC:VU#120541 URL:http://www.kb.cert.org/vuls/id/120541 MISC:[4.5] 010: SECURITY FIX: November 26, 2009 URL:http://openbsd.org/errata45.html#010_openssl MISC:[4.6] 004: SECURITY FIX: November 26, 2009 URL:http://openbsd.org/errata46.html#004_openssl MISC:[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation URL:http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 MISC:[cryptography] 20091105 OpenSSL 0.9.8l released URL:http://marc.info/?l=cryptography&m=125752275331877&w=2 MISC:[gnutls-devel] 20091105 Re: TLS renegotiation MITM URL:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html MISC:[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks URL:http://www.openwall.com/lists/oss-security/2009/11/05/3 MISC:[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks URL:http://www.openwall.com/lists/oss-security/2009/11/05/5 MISC:[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks URL:http://www.openwall.com/lists/oss-security/2009/11/06/3 MISC:[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks URL:http://www.openwall.com/lists/oss-security/2009/11/07/3 MISC:[oss-security] 20091120 CVEs for nginx URL:http://www.openwall.com/lists/oss-security/2009/11/20/1 MISC:[oss-security] 20091123 Re: CVEs for nginx URL:http://www.openwall.com/lists/oss-security/2009/11/23/10 MISC:[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation URL:http://www.ietf.org/mail-archive/web/tls/current/msg03928.html MISC:[tls] 20091104 TLS renegotiation issue URL:http://www.ietf.org/mail-archive/web/tls/current/msg03948.html MISC:[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ URL:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ URL:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E MISC:http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html URL:http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html MISC:~~http://blogs.iss.net/archive/sslmitmiscsrf.html~~ (Obsolete source - check if archived by the Wayback Machine) URL:~~http://blogs.iss.net/archive/sslmitmiscsrf.html~~ (Obsolete source - check if archived by the Wayback Machine) MISC:~~http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during~~ (Obsolete source) URL:~~http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during~~ (Obsolete source) MISC:http://clicky.me/tlsvuln URL:http://clicky.me/tlsvuln MISC:http://extendedsubset.com/?p=8 URL:http://extendedsubset.com/?p=8 MISC:http://extendedsubset.com/Renegotiating_TLS.pdf URL:http://extendedsubset.com/Renegotiating_TLS.pdf MISC:http://kbase.redhat.com/faq/docs/DOC-20491 URL:http://kbase.redhat.com/faq/docs/DOC-20491 MISC:http://support.apple.com/kb/HT4004 URL:http://support.apple.com/kb/HT4004 MISC:http://support.apple.com/kb/HT4170 URL:http://support.apple.com/kb/HT4170 MISC:http://support.apple.com/kb/HT4171 URL:http://support.apple.com/kb/HT4171 MISC:http://support.avaya.com/css/P8/documents/100070150 URL:http://support.avaya.com/css/P8/documents/100070150 MISC:http://support.avaya.com/css/P8/documents/100081611 URL:http://support.avaya.com/css/P8/documents/100081611 MISC:http://support.avaya.com/css/P8/documents/100114315 URL:http://support.avaya.com/css/P8/documents/100114315 MISC:http://support.avaya.com/css/P8/documents/100114327 URL:http://support.avaya.com/css/P8/documents/100114327 MISC:http://support.citrix.com/article/CTX123359 URL:http://support.citrix.com/article/CTX123359 MISC:http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES URL:http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES MISC:http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released URL:http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released MISC:http://sysoev.ru/nginx/patch.cve-2009-3555.txt URL:http://sysoev.ru/nginx/patch.cve-2009-3555.txt MISC:http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html URL:http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html MISC:http://wiki.rpath.com/Advisories:rPSA-2009-0155 URL:http://wiki.rpath.com/Advisories:rPSA-2009-0155 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21426108 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21426108 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21432298 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21432298 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg24006386 URL:http://www-01.ibm.com/support/docview.wss?uid=swg24006386 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg24025312 URL:http://www-01.ibm.com/support/docview.wss?uid=swg24025312 MISC:http://www.arubanetworks.com/support/alerts/aid-020810.txt URL:http://www.arubanetworks.com/support/alerts/aid-020810.txt MISC:http://www.betanews.com/article/1257452450 URL:http://www.betanews.com/article/1257452450 MISC:http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html URL:http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html MISC:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html URL:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html MISC:http://www.ingate.com/Relnote.php?ver=481 URL:http://www.ingate.com/Relnote.php?ver=481 MISC:http://www.links.org/?p=780 URL:http://www.links.org/?p=780 MISC:http://www.links.org/?p=786 URL:http://www.links.org/?p=786 MISC:http://www.links.org/?p=789 URL:http://www.links.org/?p=789 MISC:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html URL:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html MISC:http://www.openoffice.org/security/cves/CVE-2009-3555.html URL:http://www.openoffice.org/security/cves/CVE-2009-3555.html MISC:http://www.openssl.org/news/secadv_20091111.txt URL:http://www.openssl.org/news/secadv_20091111.txt MISC:http://www.opera.com/docs/changelogs/unix/1060/ URL:http://www.opera.com/docs/changelogs/unix/1060/ MISC:http://www.opera.com/support/search/view/944/ URL:http://www.opera.com/support/search/view/944/ MISC:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html URL:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html MISC:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html URL:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MISC:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html URL:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html MISC:http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c URL:http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c MISC:http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html URL:http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html MISC:http://www.tombom.co.uk/blog/?p=85 URL:http://www.tombom.co.uk/blog/?p=85 MISC:http://www.vmware.com/security/advisories/VMSA-2010-0019.html URL:http://www.vmware.com/security/advisories/VMSA-2010-0019.html MISC:http://www.vmware.com/security/advisories/VMSA-2011-0003.html URL:http://www.vmware.com/security/advisories/VMSA-2011-0003.html MISC:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html URL:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html MISC:http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html URL:http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=526689 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=526689 MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=545755 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=545755 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=533125 URL:https://bugzilla.redhat.com/show_bug.cgi?id=533125 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 MISC:https://kb.bluecoat.com/index?page=content&id=SA50 URL:https://kb.bluecoat.com/index?page=content&id=SA50 MISC:https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html URL:https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html MISC:https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt URL:https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt MISC:openSUSE-SU-2011:0845 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html MISC:oval:org.mitre.oval:def:10088 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 MISC:oval:org.mitre.oval:def:11578 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 MISC:oval:org.mitre.oval:def:11617 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 MISC:oval:org.mitre.oval:def:7315 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 MISC:oval:org.mitre.oval:def:7478 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 MISC:oval:org.mitre.oval:def:7973 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 MISC:oval:org.mitre.oval:def:8366 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 MISC:oval:org.mitre.oval:def:8535 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 MISC:tls-renegotiation-weak-security(54158) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
Assigning CNA
Red Hat, Inc.
Date Record Created
20091005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)