CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Publish Date : 2009-11-09 Last Update Date : 2014-11-13
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
5.8
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 310

- Vendor Statements

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491
Source: Redhat

- Additional Vendor Supplied Data

Vendor Impact CVSS Score CVSS Vector Report Date Publish Date
Redhat moderate
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N 2009-10-02 2009-11-05
If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title Definition Id Class Family
AIX OpenSSL session renegotiation vulnerability oval:org.mitre.oval:def:11617 unix
CVE-2009-3555 oval:org.opensuse.security:def:20093555 unix
DEPRECATED: ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:org.mitre.oval:def:23199 unix
DSA-1934 apache2 -- multiple issues oval:org.mitre.oval:def:8201 unix
DSA-1934-1 apache2 -- multiple issues oval:org.mitre.oval:def:13623 unix
DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw oval:org.mitre.oval:def:12707 unix
DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw oval:org.mitre.oval:def:12801 unix
DSA-2626-1 lighttpd - several issues oval:org.mitre.oval:def:20070 unix
ELSA-2009:1579: httpd security update (Moderate) oval:org.mitre.oval:def:22820 unix
ELSA-2009:1694: java-1.6.0-ibm security update (Critical) oval:org.mitre.oval:def:22907 unix
ELSA-2010-0162 -- openssl security update (important) oval:org.mitre.oval:def:27748 unix
ELSA-2010-0164 -- openssl097a security update (moderate) oval:org.mitre.oval:def:27295 unix
ELSA-2010-0166 -- gnutls security update (moderate) oval:org.mitre.oval:def:27881 unix
ELSA-2010-0339 -- java-1.6.0-openjdk security update (important) oval:org.mitre.oval:def:28269 unix
ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important) oval:org.mitre.oval:def:28188 unix
ELSA-2010:0130: java-1.5.0-ibm security update (Moderate) oval:org.mitre.oval:def:22745 unix
ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) oval:org.mitre.oval:def:22913 unix
ELSA-2010:0162: openssl security update (Important) oval:org.mitre.oval:def:23054 unix
ELSA-2010:0164: openssl097a security update (Moderate) oval:org.mitre.oval:def:23090 unix
ELSA-2010:0165: nss security update (Moderate) oval:org.mitre.oval:def:22993 unix
ELSA-2010:0166: gnutls security update (Moderate) oval:org.mitre.oval:def:23000 unix
ELSA-2010:0337: java-1.6.0-sun security update (Critical) oval:org.mitre.oval:def:22952 unix
ELSA-2010:0338: java-1.5.0-sun security update (Critical) oval:org.mitre.oval:def:23097 unix
ELSA-2010:0339: java-1.6.0-openjdk security update (Important) oval:org.mitre.oval:def:22994 unix
ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) oval:org.mitre.oval:def:22962 unix
ELSA-2010:0770: java-1.6.0-sun security update (Critical) oval:org.mitre.oval:def:22954 unix
ELSA-2010:0786: java-1.4.2-ibm security update (Critical) oval:org.mitre.oval:def:23065 unix
ELSA-2010:0807: java-1.5.0-ibm security update (Critical) oval:org.mitre.oval:def:22873 unix
ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) oval:org.mitre.oval:def:23563 unix
ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:org.mitre.oval:def:23453 unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-3555

# Product Type Vendor Product Version Update Edition Language
1 Application Apache Http Server 0.8.11 Version Details Vulnerabilities
2 Application Apache Http Server 0.8.14 Version Details Vulnerabilities
3 Application Apache Http Server 1.0 Version Details Vulnerabilities
4 Application Apache Http Server 1.0.2 Version Details Vulnerabilities
5 Application Apache Http Server 1.0.3 Version Details Vulnerabilities
6 Application Apache Http Server 1.0.5 Version Details Vulnerabilities
7 Application Apache Http Server 1.1.1 Version Details Vulnerabilities
8 Application Apache Http Server 1.2 Version Details Vulnerabilities
9 Application Apache Http Server 1.2.4 Version Details Vulnerabilities
10 Application Apache Http Server 1.2.5 Version Details Vulnerabilities
11 Application Apache Http Server 1.2.6 Version Details Vulnerabilities
12 Application Apache Http Server 1.3 Version Details Vulnerabilities
13 Application Apache Http Server 1.3.0 Version Details Vulnerabilities
14 Application Apache Http Server 1.3.1.1 Version Details Vulnerabilities
15 Application Apache Http Server 1.3.2 Version Details Vulnerabilities
16 Application Apache Http Server 1.3.3 Version Details Vulnerabilities
17 Application Apache Http Server 1.3.4 Version Details Vulnerabilities
18 Application Apache Http Server 1.3.5 Version Details Vulnerabilities
19 Application Apache Http Server 1.3.6 Version Details Vulnerabilities
20 Application Apache Http Server 1.3.7 DEV Version Details Vulnerabilities
21 Application Apache Http Server 1.3.7 Version Details Vulnerabilities
22 Application Apache Http Server 1.3.8 Version Details Vulnerabilities
23 Application Apache Http Server 1.3.9 Version Details Vulnerabilities
24 Application Apache Http Server 1.3.11 Version Details Vulnerabilities
25 Application Apache Http Server 1.3.12 Version Details Vulnerabilities
26 Application Apache Http Server 1.3.13 Version Details Vulnerabilities
27 Application Apache Http Server 1.3.14 Version Details Vulnerabilities
28 Application Apache Http Server 1.3.15 Version Details Vulnerabilities
29 Application Apache Http Server 1.3.16 Version Details Vulnerabilities
30 Application Apache Http Server 1.3.17 Version Details Vulnerabilities
31 Application Apache Http Server 1.3.18 Version Details Vulnerabilities
32 Application Apache Http Server 1.3.19 Version Details Vulnerabilities
33 Application Apache Http Server 1.3.20 Version Details Vulnerabilities
34 Application Apache Http Server 1.3.22 Version Details Vulnerabilities
35 Application Apache Http Server 1.3.23 Version Details Vulnerabilities
36 Application Apache Http Server 1.3.24 Version Details Vulnerabilities
37 Application Apache Http Server 1.3.25 Version Details Vulnerabilities
38 Application Apache Http Server 1.3.26 Version Details Vulnerabilities
39 Application Apache Http Server 1.3.27 Version Details Vulnerabilities
40 Application Apache Http Server 1.3.28 Version Details Vulnerabilities
41 Application Apache Http Server 1.3.29 Version Details Vulnerabilities
42 Application Apache Http Server 1.3.30 Version Details Vulnerabilities
43 Application Apache Http Server 1.3.31 Version Details Vulnerabilities
44 Application Apache Http Server 1.3.32 Version Details Vulnerabilities
45 Application Apache Http Server 1.3.33 Version Details Vulnerabilities
46 Application Apache Http Server 1.3.34 Version Details Vulnerabilities
47 Application Apache Http Server 1.3.35 Version Details Vulnerabilities
48 Application Apache Http Server 1.3.36 Version Details Vulnerabilities
49 Application Apache Http Server 1.3.37 Version Details Vulnerabilities
50 Application Apache Http Server 1.3.38 Version Details Vulnerabilities
51 Application Apache Http Server 1.3.39 Version Details Vulnerabilities
52 Application Apache Http Server 1.3.65 Version Details Vulnerabilities
53 Application Apache Http Server 1.3.68 Version Details Vulnerabilities
54 Application Apache Http Server 1.4.0 Version Details Vulnerabilities
55 Application Apache Http Server 1.99 Version Details Vulnerabilities
56 Application Apache Http Server 2.0 Version Details Vulnerabilities
57 Application Apache Http Server 2.0.9 Version Details Vulnerabilities
58 Application Apache Http Server 2.0.28 Beta Version Details Vulnerabilities
59 Application Apache Http Server 2.0.28 Version Details Vulnerabilities
60 Application Apache Http Server 2.0.32 Beta Version Details Vulnerabilities
61 Application Apache Http Server 2.0.32 Version Details Vulnerabilities
62 Application Apache Http Server 2.0.34 Beta Version Details Vulnerabilities
63 Application Apache Http Server 2.0.35 Version Details Vulnerabilities
64 Application Apache Http Server 2.0.36 Version Details Vulnerabilities
65 Application Apache Http Server 2.0.37 Version Details Vulnerabilities
66 Application Apache Http Server 2.0.38 Version Details Vulnerabilities
67 Application Apache Http Server 2.0.39 Version Details Vulnerabilities
68 Application Apache Http Server 2.0.40 Version Details Vulnerabilities
69 Application Apache Http Server 2.0.41 Version Details Vulnerabilities
70 Application Apache Http Server 2.0.42 Version Details Vulnerabilities
71 Application Apache Http Server 2.0.43 Version Details Vulnerabilities
72 Application Apache Http Server 2.0.44 Version Details Vulnerabilities
73 Application Apache Http Server 2.0.45 Version Details Vulnerabilities
74 Application Apache Http Server 2.0.46 Win32 Version Details Vulnerabilities
75 Application Apache Http Server 2.0.46 Version Details Vulnerabilities
76 Application Apache Http Server 2.0.47 Version Details Vulnerabilities
77 Application Apache Http Server 2.0.48 Version Details Vulnerabilities
78 Application Apache Http Server 2.0.49 Version Details Vulnerabilities
79 Application Apache Http Server 2.0.50 Version Details Vulnerabilities
80 Application Apache Http Server 2.0.51 Version Details Vulnerabilities
81 Application Apache Http Server 2.0.52 Version Details Vulnerabilities
82 Application Apache Http Server 2.0.53 Version Details Vulnerabilities
83 Application Apache Http Server 2.0.54 Version Details Vulnerabilities
84 Application Apache Http Server 2.0.55 Version Details Vulnerabilities
85 Application Apache Http Server 2.0.56 Version Details Vulnerabilities
86 Application Apache Http Server 2.0.57 Version Details Vulnerabilities
87 Application Apache Http Server 2.0.58 Win32 Version Details Vulnerabilities
88 Application Apache Http Server 2.0.58 Version Details Vulnerabilities
89 Application Apache Http Server 2.0.59 Version Details Vulnerabilities
90 Application Apache Http Server 2.0.60 Version Details Vulnerabilities
91 Application Apache Http Server 2.0.61 Version Details Vulnerabilities
92 Application Apache Http Server 2.0.63 Version Details Vulnerabilities
93 Application Apache Http Server 2.1.1 Version Details Vulnerabilities
94 Application Apache Http Server 2.1.2 Version Details Vulnerabilities
95 Application Apache Http Server 2.1.3 Version Details Vulnerabilities
96 Application Apache Http Server 2.1.4 Version Details Vulnerabilities
97 Application Apache Http Server 2.1.5 Version Details Vulnerabilities
98 Application Apache Http Server 2.1.6 Version Details Vulnerabilities
99 Application Apache Http Server 2.1.7 Version Details Vulnerabilities
100 Application Apache Http Server 2.1.8 Version Details Vulnerabilities
101 Application Apache Http Server 2.1.9 Version Details Vulnerabilities
102 Application Apache Http Server 2.2 Version Details Vulnerabilities
103 Application Apache Http Server 2.2.0 Version Details Vulnerabilities
104 Application Apache Http Server 2.2.1 Version Details Vulnerabilities
105 Application Apache Http Server 2.2.2 Version Details Vulnerabilities
106 Application Apache Http Server 2.2.3 Version Details Vulnerabilities
107 Application Apache Http Server 2.2.4 Version Details Vulnerabilities
108 Application Apache Http Server 2.2.5 Version Details Vulnerabilities
109 Application Apache Http Server 2.2.6 Version Details Vulnerabilities
110 Application Apache Http Server 2.2.7 Version Details Vulnerabilities
111 Application Apache Http Server 2.2.8 Version Details Vulnerabilities
112 Application Apache Http Server 2.2.10 Version Details Vulnerabilities
113 Application Apache Http Server 2.2.11 Version Details Vulnerabilities
114 Application Apache Http Server 2.2.12 Version Details Vulnerabilities
115 Application Apache Http Server 2.2.13 Version Details Vulnerabilities
116 Application GNU Gnutls 1.0.16 Version Details Vulnerabilities
117 Application GNU Gnutls 1.0.17 Version Details Vulnerabilities
118 Application GNU Gnutls 1.0.18 Version Details Vulnerabilities
119 Application GNU Gnutls 1.0.19 Version Details Vulnerabilities
120 Application GNU Gnutls 1.0.20 Version Details Vulnerabilities
121 Application GNU Gnutls 1.0.21 Version Details Vulnerabilities
122 Application GNU Gnutls 1.0.22 Version Details Vulnerabilities
123 Application GNU Gnutls 1.0.23 Version Details Vulnerabilities
124 Application GNU Gnutls 1.0.24 Version Details Vulnerabilities
125 Application GNU Gnutls 1.0.25 Version Details Vulnerabilities
126 Application GNU Gnutls 1.1.13 Version Details Vulnerabilities
127 Application GNU Gnutls 1.1.14 Version Details Vulnerabilities
128 Application GNU Gnutls 1.1.15 Version Details Vulnerabilities
129 Application GNU Gnutls 1.1.16 Version Details Vulnerabilities
130 Application GNU Gnutls 1.1.17 Version Details Vulnerabilities
131 Application GNU Gnutls 1.1.18 Version Details Vulnerabilities
132 Application GNU Gnutls 1.1.19 Version Details Vulnerabilities
133 Application GNU Gnutls 1.1.20 Version Details Vulnerabilities
134 Application GNU Gnutls 1.1.21 Version Details Vulnerabilities
135 Application GNU Gnutls 1.1.22 Version Details Vulnerabilities
136 Application GNU Gnutls 1.1.23 Version Details Vulnerabilities
137 Application GNU Gnutls 1.2.0 Version Details Vulnerabilities
138 Application GNU Gnutls 1.2.1 Version Details Vulnerabilities
139 Application GNU Gnutls 1.2.2 Version Details Vulnerabilities
140 Application GNU Gnutls 1.2.3 Version Details Vulnerabilities
141 Application GNU Gnutls 1.2.4 Version Details Vulnerabilities
142 Application GNU Gnutls 1.2.5 Version Details Vulnerabilities
143 Application GNU Gnutls 1.2.6 Version Details Vulnerabilities
144 Application GNU Gnutls 1.2.7 Version Details Vulnerabilities
145 Application GNU Gnutls 1.2.8 Version Details Vulnerabilities
146 Application GNU Gnutls 1.2.8.1a1 Version Details Vulnerabilities
147 Application GNU Gnutls 1.2.9 Version Details Vulnerabilities
148 Application GNU Gnutls 1.2.10 Version Details Vulnerabilities
149 Application GNU Gnutls 1.2.11 Version Details Vulnerabilities
150 Application GNU Gnutls 1.3.0 Version Details Vulnerabilities
151 Application GNU Gnutls 1.3.1 Version Details Vulnerabilities
152 Application GNU Gnutls 1.3.2 Version Details Vulnerabilities
153 Application GNU Gnutls 1.3.3 Version Details Vulnerabilities
154 Application GNU Gnutls 1.3.4 Version Details Vulnerabilities
155 Application GNU Gnutls 1.3.5 Version Details Vulnerabilities
156 Application GNU Gnutls 1.4.0 Version Details Vulnerabilities
157 Application GNU Gnutls 1.4.1 Version Details Vulnerabilities
158 Application GNU Gnutls 1.4.2 Version Details Vulnerabilities
159 Application GNU Gnutls 1.4.3 Version Details Vulnerabilities
160 Application GNU Gnutls 1.4.4 Version Details Vulnerabilities
161 Application GNU Gnutls 1.4.5 Version Details Vulnerabilities
162 Application GNU Gnutls 1.5.0 Version Details Vulnerabilities
163 Application GNU Gnutls 1.5.1 Version Details Vulnerabilities
164 Application GNU Gnutls 1.5.2 Version Details Vulnerabilities
165 Application GNU Gnutls 1.5.3 Version Details Vulnerabilities
166 Application GNU Gnutls 1.5.4 Version Details Vulnerabilities
167 Application GNU Gnutls 1.5.5 Version Details Vulnerabilities
168 Application GNU Gnutls 1.6.0 Version Details Vulnerabilities
169 Application GNU Gnutls 1.6.1 Version Details Vulnerabilities
170 Application GNU Gnutls 1.6.2 Version Details Vulnerabilities
171 Application GNU Gnutls 1.6.3 Version Details Vulnerabilities
172 Application GNU Gnutls 1.7.0 Version Details Vulnerabilities
173 Application GNU Gnutls 1.7.1 Version Details Vulnerabilities
174 Application GNU Gnutls 1.7.2 Version Details Vulnerabilities
175 Application GNU Gnutls 1.7.3 Version Details Vulnerabilities
176 Application GNU Gnutls 1.7.4 Version Details Vulnerabilities
177 Application GNU Gnutls 1.7.5 Version Details Vulnerabilities
178 Application GNU Gnutls 1.7.6 Version Details Vulnerabilities
179 Application GNU Gnutls 1.7.7 Version Details Vulnerabilities
180 Application GNU Gnutls 1.7.8 Version Details Vulnerabilities
181 Application GNU Gnutls 1.7.9 Version Details Vulnerabilities
182 Application GNU Gnutls 1.7.10 Version Details Vulnerabilities
183 Application GNU Gnutls 1.7.11 Version Details Vulnerabilities
184 Application GNU Gnutls 1.7.12 Version Details Vulnerabilities
185 Application GNU Gnutls 1.7.13 Version Details Vulnerabilities
186 Application GNU Gnutls 1.7.14 Version Details Vulnerabilities
187 Application GNU Gnutls 1.7.15 Version Details Vulnerabilities
188 Application GNU Gnutls 1.7.16 Version Details Vulnerabilities
189 Application GNU Gnutls 1.7.17 Version Details Vulnerabilities
190 Application GNU Gnutls 1.7.18 Version Details Vulnerabilities
191 Application GNU Gnutls 1.7.19 Version Details Vulnerabilities
192 Application GNU Gnutls 2.0.0 Version Details Vulnerabilities
193 Application GNU Gnutls 2.0.1 Version Details Vulnerabilities
194 Application GNU Gnutls 2.0.2 Version Details Vulnerabilities
195 Application GNU Gnutls 2.0.3 Version Details Vulnerabilities
196 Application GNU Gnutls 2.0.4 Version Details Vulnerabilities
197 Application GNU Gnutls 2.1.0 Version Details Vulnerabilities
198 Application GNU Gnutls 2.1.1 Version Details Vulnerabilities
199 Application GNU Gnutls 2.1.2 Version Details Vulnerabilities
200 Application GNU Gnutls 2.1.3 Version Details Vulnerabilities
201 Application GNU Gnutls 2.1.4 Version Details Vulnerabilities
202 Application GNU Gnutls 2.1.5 Version Details Vulnerabilities
203 Application GNU Gnutls 2.1.6 Version Details Vulnerabilities
204 Application GNU Gnutls 2.1.7 Version Details Vulnerabilities
205 Application GNU Gnutls 2.1.8 Version Details Vulnerabilities
206 Application GNU Gnutls 2.2.0 Version Details Vulnerabilities
207 Application GNU Gnutls 2.2.1 Version Details Vulnerabilities
208 Application GNU Gnutls 2.2.2 Version Details Vulnerabilities
209 Application GNU Gnutls 2.2.3 Version Details Vulnerabilities
210 Application GNU Gnutls 2.2.4 Version Details Vulnerabilities
211 Application GNU Gnutls 2.2.5 Version Details Vulnerabilities
212 Application GNU Gnutls 2.3.0 Version Details Vulnerabilities
213 Application GNU Gnutls 2.3.1 Version Details Vulnerabilities
214 Application GNU Gnutls 2.3.2 Version Details Vulnerabilities
215 Application GNU Gnutls 2.3.3 Version Details Vulnerabilities
216 Application GNU Gnutls 2.3.4 Version Details Vulnerabilities
217 Application GNU Gnutls 2.3.5 Version Details Vulnerabilities
218 Application GNU Gnutls 2.3.6 Version Details Vulnerabilities
219 Application GNU Gnutls 2.3.7 Version Details Vulnerabilities
220 Application GNU Gnutls 2.3.8 Version Details Vulnerabilities
221 Application GNU Gnutls 2.3.9 Version Details Vulnerabilities
222 Application GNU Gnutls 2.3.10 Version Details Vulnerabilities
223 Application GNU Gnutls 2.3.11 Version Details Vulnerabilities
224 Application GNU Gnutls 2.4.0 Version Details Vulnerabilities
225 Application GNU Gnutls 2.4.1 Version Details Vulnerabilities
226 Application GNU Gnutls 2.4.2 Version Details Vulnerabilities
227 Application GNU Gnutls 2.5.0 Version Details Vulnerabilities
228 Application GNU Gnutls 2.6.0 Version Details Vulnerabilities
229 Application GNU Gnutls 2.6.1 Version Details Vulnerabilities
230 Application GNU Gnutls 2.6.2 Version Details Vulnerabilities
231 Application GNU Gnutls 2.6.3 Version Details Vulnerabilities
232 Application GNU Gnutls 2.6.4 Version Details Vulnerabilities
233 Application GNU Gnutls 2.6.5 Version Details Vulnerabilities
234 Application GNU Gnutls 2.6.6 Version Details Vulnerabilities
235 Application GNU Gnutls 2.8.0 Version Details Vulnerabilities
236 Application GNU Gnutls 2.8.1 Version Details Vulnerabilities
237 Application Microsoft IIS 7.0 Version Details Vulnerabilities
238 Application Mozilla NSS 3.0 Version Details Vulnerabilities
239 Application Mozilla NSS 3.2 Version Details Vulnerabilities
240 Application Mozilla NSS 3.2.1 Version Details Vulnerabilities
241 Application Mozilla NSS 3.3 Version Details Vulnerabilities
242 Application Mozilla NSS 3.3.1 Version Details Vulnerabilities
243 Application Mozilla NSS 3.3.2 Version Details Vulnerabilities
244 Application Mozilla NSS 3.4 Version Details Vulnerabilities
245 Application Mozilla NSS 3.4.1 Version Details Vulnerabilities
246 Application Mozilla NSS 3.4.2 Version Details Vulnerabilities
247 Application Mozilla NSS 3.4.3 Version Details Vulnerabilities
248 Application Mozilla NSS 3.5 Version Details Vulnerabilities
249 Application Mozilla NSS 3.6 Version Details Vulnerabilities
250 Application Mozilla NSS 3.6.1 Version Details Vulnerabilities
251 Application Mozilla NSS 3.7 Version Details Vulnerabilities
252 Application Mozilla NSS 3.7.1 Version Details Vulnerabilities
253 Application Mozilla NSS 3.7.2 Version Details Vulnerabilities
254 Application Mozilla NSS 3.7.3 Version Details Vulnerabilities
255 Application Mozilla NSS 3.7.5 Version Details Vulnerabilities
256 Application Mozilla NSS 3.7.7 Version Details Vulnerabilities
257 Application Mozilla NSS 3.8 Version Details Vulnerabilities
258 Application Mozilla NSS 3.9 Version Details Vulnerabilities
259 Application Mozilla NSS 3.9.5 Version Details Vulnerabilities
260 Application Mozilla NSS 3.10 Version Details Vulnerabilities
261 Application Mozilla NSS 3.11.2 Version Details Vulnerabilities
262 Application Mozilla NSS 3.11.4 Version Details Vulnerabilities
263 Application Mozilla NSS 3.11.7 Version Details Vulnerabilities
264 Application Mozilla NSS 3.11.8 Version Details Vulnerabilities
265 Application Mozilla NSS 3.12 Version Details Vulnerabilities
266 Application Mozilla NSS 3.12.1 Version Details Vulnerabilities
267 Application Mozilla NSS 3.12.2 Version Details Vulnerabilities
268 Application Openssl Openssl 0.9.1c Version Details Vulnerabilities
269 Application Openssl Openssl 0.9.2b Version Details Vulnerabilities
270 Application Openssl Openssl 0.9.3a Version Details Vulnerabilities
271 Application Openssl Openssl 0.9.3 Version Details Vulnerabilities
272 Application Openssl Openssl 0.9.4 Version Details Vulnerabilities
273 Application Openssl Openssl 0.9.5a Beta2 Version Details Vulnerabilities
274 Application Openssl Openssl 0.9.5 Beta2 Version Details Vulnerabilities
275 Application Openssl Openssl 0.9.5 Version Details Vulnerabilities
276 Application Openssl Openssl 0.9.5a Version Details Vulnerabilities
277 Application Openssl Openssl 0.9.5 Beta1 Version Details Vulnerabilities
278 Application Openssl Openssl 0.9.5a Beta1 Version Details Vulnerabilities
279 Application Openssl Openssl 0.9.6h Version Details Vulnerabilities
280 Application Openssl Openssl 0.9.6 Beta2 Version Details Vulnerabilities
281 Application Openssl Openssl 0.9.6m Version Details Vulnerabilities
282 Application Openssl Openssl 0.9.6a Beta1 Version Details Vulnerabilities
283 Application Openssl Openssl 0.9.6c Version Details Vulnerabilities
284 Application Openssl Openssl 0.9.6 Beta3 Version Details Vulnerabilities
285 Application Openssl Openssl 0.9.6l Version Details Vulnerabilities
286 Application Openssl Openssl 0.9.6a Beta2 Version Details Vulnerabilities
287 Application Openssl Openssl 0.9.6b Version Details Vulnerabilities
288 Application Openssl Openssl 0.9.6g Version Details Vulnerabilities
289 Application Openssl Openssl 0.9.6a Beta3 Version Details Vulnerabilities
290 Application Openssl Openssl 0.9.6e Version Details Vulnerabilities
291 Application Openssl Openssl 0.9.6f Version Details Vulnerabilities
292 Application Openssl Openssl 0.9.6 Version Details Vulnerabilities
293 Application Openssl Openssl 0.9.6k Version Details Vulnerabilities
294 Application Openssl Openssl 0.9.6d Version Details Vulnerabilities
295 Application Openssl Openssl 0.9.6i Version Details Vulnerabilities
296 Application Openssl Openssl 0.9.6 Beta1 Version Details Vulnerabilities
297 Application Openssl Openssl 0.9.6j Version Details Vulnerabilities
298 Application Openssl Openssl 0.9.6a Version Details Vulnerabilities
299 Application Openssl Openssl 0.9.7d Version Details Vulnerabilities
300 Application Openssl Openssl 0.9.7m Version Details Vulnerabilities
301 Application Openssl Openssl 0.9.7k Version Details Vulnerabilities
302 Application Openssl Openssl 0.9.7f Version Details Vulnerabilities
303 Application Openssl Openssl 0.9.7 Version Details Vulnerabilities
304 Application Openssl Openssl 0.9.7l Version Details Vulnerabilities
305 Application Openssl Openssl 0.9.7e Version Details Vulnerabilities
306 Application Openssl Openssl 0.9.7 Beta6 Version Details Vulnerabilities
307 Application Openssl Openssl 0.9.7g Version Details Vulnerabilities
308 Application Openssl Openssl 0.9.7 Beta3 Version Details Vulnerabilities
309 Application Openssl Openssl 0.9.7b Version Details Vulnerabilities
310 Application Openssl Openssl 0.9.7a Version Details Vulnerabilities
311 Application Openssl Openssl 0.9.7 Beta2 Version Details Vulnerabilities
312 Application Openssl Openssl 0.9.7c Version Details Vulnerabilities
313 Application Openssl Openssl 0.9.7 Beta4 Version Details Vulnerabilities
314 Application Openssl Openssl 0.9.7h Version Details Vulnerabilities
315 Application Openssl Openssl 0.9.7 Beta5 Version Details Vulnerabilities
316 Application Openssl Openssl 0.9.7j Version Details Vulnerabilities
317 Application Openssl Openssl 0.9.7i Version Details Vulnerabilities
318 Application Openssl Openssl 0.9.7 Beta1 Version Details Vulnerabilities
319 Application Openssl Openssl 0.9.8f Version Details Vulnerabilities
320 Application Openssl Openssl 0.9.8d Version Details Vulnerabilities
321 Application Openssl Openssl 0.9.8e Version Details Vulnerabilities
322 Application Openssl Openssl 0.9.8 Version Details Vulnerabilities
323 Application Openssl Openssl 0.9.8g Version Details Vulnerabilities
324 Application Openssl Openssl 0.9.8c Version Details Vulnerabilities
325 Application Openssl Openssl 0.9.8a Version Details Vulnerabilities
326 Application Openssl Openssl 0.9.8h Version Details Vulnerabilities
327 Application Openssl Openssl 0.9.8b Version Details Vulnerabilities
328 Application Openssl Openssl 1.0 Openvms Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Apache Http Server 115
GNU Gnutls 121
Microsoft IIS 1
Mozilla NSS 30
Openssl Openssl 61

- References For CVE-2009-3555

http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
BUGTRAQ 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during CONFIRM
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://extendedsubset.com/?p=8
http://clicky.me/tlsvuln
http://extendedsubset.com/Renegotiating_TLS.pdf
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HP SSRT100179
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
HP HPSBGN02562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
HP SSRT090249
http://kbase.redhat.com/faq/docs/DOC-20491 CONFIRM
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
APPLE APPLE-SA-2010-05-18-1
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
APPLE APPLE-SA-2010-05-18-2
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
APPLE APPLE-SA-2010-01-19-1
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
FEDORA FEDORA-2010-5357
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
FEDORA FEDORA-2010-6131
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
SUSE SUSE-SA:2010:061
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
SUSE SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SUSE SUSE-SR:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SUSE SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SUSE SUSE-SR:2010:008
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
SUSE SUSE-SA:2009:057
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
MLIST [gnutls-devel] 20091105 Re: TLS renegotiation MITM
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
FEDORA FEDORA-2010-16240
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
FEDORA FEDORA-2010-16294
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
FEDORA FEDORA-2010-16312
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
MLIST [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
SUSE openSUSE-SU-2011:0845
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
SUSE SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SUSE SUSE-SU-2011:0847
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HP HPSBHF02706
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP HPSBOV02683
http://marc.info/?l=bugtraq&m=127419602507642&w=2
HP HPSBMA02534
http://openbsd.org/errata45.html#010_openssl
OPENBSD [4.5] 010: SECURITY FIX: November 26, 2009
http://marc.info/?l=cryptography&m=125752275331877&w=2
MLIST [cryptography] 20091105 OpenSSL 0.9.8l released
http://openbsd.org/errata46.html#004_openssl
OPENBSD [4.6] 004: SECURITY FIX: November 26, 2009
http://osvdb.org/65202
OSVDB 65202
http://osvdb.org/62210
OSVDB 62210
http://osvdb.org/60972
OSVDB 60972
http://secunia.com/advisories/37292
SECUNIA 37292
http://secunia.com/advisories/37291
SECUNIA 37291
http://seclists.org/fulldisclosure/2009/Nov/139
FULLDISC 20091111 Re: SSL/TLS MiTM PoC
http://osvdb.org/60521
OSVDB 60521
http://secunia.com/advisories/37383
SECUNIA 37383
http://secunia.com/advisories/37320
SECUNIA 37320
http://secunia.com/advisories/37399
SECUNIA 37399
http://secunia.com/advisories/37453
SECUNIA 37453
http://secunia.com/advisories/37501
SECUNIA 37501
http://secunia.com/advisories/37504
SECUNIA 37504
http://secunia.com/advisories/37604
SECUNIA 37604
http://secunia.com/advisories/37640
SECUNIA 37640
http://secunia.com/advisories/37656
SECUNIA 37656
http://secunia.com/advisories/37675
SECUNIA 37675
http://secunia.com/advisories/37859
SECUNIA 37859
http://secunia.com/advisories/38687
SECUNIA 38687
http://secunia.com/advisories/38003
SECUNIA 38003
http://secunia.com/advisories/38020
SECUNIA 38020
http://secunia.com/advisories/38056
SECUNIA 38056
http://secunia.com/advisories/38241
SECUNIA 38241
http://secunia.com/advisories/38484
SECUNIA 38484
http://secunia.com/advisories/38781
SECUNIA 38781
http://secunia.com/advisories/39127
SECUNIA 39127
http://secunia.com/advisories/39136
SECUNIA 39136
http://secunia.com/advisories/39242
SECUNIA 39242
http://secunia.com/advisories/39243
SECUNIA 39243
http://secunia.com/advisories/39278
SECUNIA 39278
http://secunia.com/advisories/39292
SECUNIA 39292
http://secunia.com/advisories/39317
SECUNIA 39317
http://secunia.com/advisories/39461
SECUNIA 39461
http://secunia.com/advisories/39500
SECUNIA 39500
http://secunia.com/advisories/39628
SECUNIA 39628
http://secunia.com/advisories/39632
SECUNIA 39632
http://secunia.com/advisories/39713
SECUNIA 39713
http://secunia.com/advisories/40545
SECUNIA 40545
http://secunia.com/advisories/40070
SECUNIA 40070
http://secunia.com/advisories/39819
SECUNIA 39819
http://secunia.com/advisories/40747
SECUNIA 40747
http://secunia.com/advisories/40866
SECUNIA 40866
http://secunia.com/advisories/41490
SECUNIA 41490
http://secunia.com/advisories/41480
SECUNIA 41480
http://secunia.com/advisories/41818
SECUNIA 41818
http://secunia.com/advisories/41967
SECUNIA 41967
http://secunia.com/advisories/41972
SECUNIA 41972
http://secunia.com/advisories/42377
SECUNIA 42377
http://secunia.com/advisories/42379
SECUNIA 42379
http://secunia.com/advisories/42467
SECUNIA 42467
http://secunia.com/advisories/42816
SECUNIA 42816
http://secunia.com/advisories/42724
SECUNIA 42724
http://secunia.com/advisories/42733
SECUNIA 42733
http://secunia.com/advisories/42811
SECUNIA 42811
http://secunia.com/advisories/42808
SECUNIA 42808
http://secunia.com/advisories/43308
SECUNIA 43308
http://support.avaya.com/css/P8/documents/100070150 CONFIRM
http://www.debian.org/security/2009/dsa-1934
DEBIAN DSA-1934
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
CISCO 20091109 Transport Layer Security Renegotiation Vulnerability
http://www.betanews.com/article/1257452450
http://www.arubanetworks.com/support/alerts/aid-020810.txt CONFIRM
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
AIXAPAR PM00675
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 CONFIRM
http://secunia.com/advisories/44183
SECUNIA 44183
http://secunia.com/advisories/48577
SECUNIA 48577
http://secunia.com/advisories/44954
SECUNIA 44954
http://security.gentoo.org/glsa/glsa-200912-01.xml
GENTOO GLSA-200912-01
http://security.gentoo.org/glsa/glsa-201406-32.xml
GENTOO GLSA-201406-32
http://security.gentoo.org/glsa/glsa-201203-22.xml
GENTOO GLSA-201203-22
http://securitytracker.com/id?1023148
SECTRACK 1023148
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
SLACKWARE SSA:2009-320-01
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
SUNALERT 273350
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
SUNALERT 274990
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
SUNALERT 273029
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
SUNALERT 1021653
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
SUNALERT 1021752
http://support.apple.com/kb/HT4004 CONFIRM
http://support.apple.com/kb/HT4170 CONFIRM
http://support.avaya.com/css/P8/documents/100081611 CONFIRM
http://support.apple.com/kb/HT4171 CONFIRM
http://www.vupen.com/english/advisories/2010/1673
VUPEN ADV-2010-1673
http://www.vupen.com/english/advisories/2010/0994
VUPEN ADV-2010-0994
http://support.avaya.com/css/P8/documents/100114327 CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0768.html
REDHAT RHSA-2010:0768
http://xforce.iss.net/xforce/xfdb/54158
XF tls-renegotiation-weak-security(54158)
http://www.vupen.com/english/advisories/2011/0086
VUPEN ADV-2011-0086
http://www.vupen.com/english/advisories/2011/0033
VUPEN ADV-2011-0033
http://www.vupen.com/english/advisories/2011/0032
VUPEN ADV-2011-0032
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES CONFIRM
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released CONFIRM
http://support.citrix.com/article/CTX123359 CONFIRM
http://www.securityfocus.com/archive/1/archive/1/507952/100/0/threaded
BUGTRAQ 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html CONFIRM
http://ubuntu.com/usn/usn-923-1
UBUNTU USN-923-1
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
AIXAPAR IC67848
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
AIXAPAR IC68055
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
MLIST [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
http://www.ingate.com/Relnote.php?ver=481 CONFIRM
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c CONFIRM
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html CONFIRM
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
MLIST [tls] 20091104 TLS renegotiation issue
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.debian.org/security/2011/dsa-2141
DEBIAN DSA-2141
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
AIXAPAR PM12247
http://wiki.rpath.com/Advisories:rPSA-2009-0155 CONFIRM
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HP SSRT100219
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
MANDRIVA MDVSA-2010:076
http://sysoev.ru/nginx/patch.cve-2009-3555.txt CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
MANDRIVA MDVSA-2010:089
http://technet.microsoft.com/en-us/security/bulletin/ms10-049
Microsoft Security Bulletin MS10-049 Vulnerabilities in SChannel Could Allow Remote Code Execution (980436) This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
MANDRIVA MDVSA-2010:084
http://www.openoffice.org/security/cves/CVE-2009-3555.html CONFIRM
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0786.html
REDHAT RHSA-2010:0786
http://www.openssl.org/news/secadv_20091111.txt CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/05/3
MLIST [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/05/5
MLIST [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/06/3
MLIST [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/20/1
MLIST [oss-security] 20091120 CVEs for nginx
http://www.openwall.com/lists/oss-security/2009/11/07/3
MLIST [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/23/10
MLIST [oss-security] 20091123 Re: CVEs for nginx
http://www.opera.com/docs/changelogs/unix/1060/ CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 CONFIRM
http://www.opera.com/support/search/view/944/ CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
AIXAPAR IC68054
http://www.redhat.com/support/errata/RHSA-2010-0119.html
REDHAT RHSA-2010:0119
http://www.redhat.com/support/errata/RHSA-2010-0130.html
REDHAT RHSA-2010:0130
http://www.redhat.com/support/errata/RHSA-2010-0155.html
REDHAT RHSA-2010:0155
http://www.redhat.com/support/errata/RHSA-2010-0165.html
REDHAT RHSA-2010:0165
http://www.redhat.com/support/errata/RHSA-2010-0167.html
REDHAT RHSA-2010:0167
http://www.redhat.com/support/errata/RHSA-2010-0337.html
REDHAT RHSA-2010:0337
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
REDHAT RHSA-2010:0338
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.redhat.com/support/errata/RHSA-2010-0770.html
REDHAT RHSA-2010:0770
http://www.redhat.com/support/errata/RHSA-2011-0880.html
REDHAT RHSA-2011:0880
http://www.redhat.com/support/errata/RHSA-2010-0987.html
REDHAT RHSA-2010:0987
http://www.redhat.com/support/errata/RHSA-2010-0986.html
REDHAT RHSA-2010:0986
http://www.redhat.com/support/errata/RHSA-2010-0865.html
REDHAT RHSA-2010:0865
http://www.securityfocus.com/archive/1/archive/1/508130/100/0/threaded
BUGTRAQ 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
http://www.redhat.com/support/errata/RHSA-2010-0807.html
REDHAT RHSA-2010:0807
http://www.redhat.com/support/errata/RHSA-2010-0339.html
REDHAT RHSA-2010:0339
http://www.securityfocus.com/archive/1/522176
HP HPSBMU02759
http://www.securityfocus.com/archive/1/archive/1/508075/100/0/threaded
BUGTRAQ 20091124 rPSA-2009-0155-1 httpd mod_ssl
http://www.securityfocus.com/archive/1/archive/1/515055/100/0/threaded
BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
http://www.securitytracker.com/id?1023163
SECTRACK 1023163
http://www.securitytracker.com/id?1023204
SECTRACK 1023204
http://www.securitytracker.com/id?1023205
SECTRACK 1023205
http://www.securitytracker.com/id?1023206
SECTRACK 1023206
http://www.securitytracker.com/id?1023207
SECTRACK 1023207
http://www.securitytracker.com/id?1023208
SECTRACK 1023208
http://www.securitytracker.com/id?1023224
SECTRACK 1023224
http://www.securitytracker.com/id?1023209
SECTRACK 1023209
http://www.securitytracker.com/id?1023210
SECTRACK 1023210
http://www.securitytracker.com/id?1023211
SECTRACK 1023211
http://www.securitytracker.com/id?1023212
SECTRACK 1023212
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html CONFIRM
http://www.securitytracker.com/id?1023214
SECTRACK 1023214
http://www.securitytracker.com/id?1023213
SECTRACK 1023213
http://www.securitytracker.com/id?1023219
SECTRACK 1023219
http://www.securitytracker.com/id?1023218
SECTRACK 1023218
http://www.securitytracker.com/id?1023217
SECTRACK 1023217
http://www.securitytracker.com/id?1023215
SECTRACK 1023215
http://www.securitytracker.com/id?1023216
SECTRACK 1023216
http://www.securitytracker.com/id?1023243
SECTRACK 1023243
http://www.securitytracker.com/id?1023270
SECTRACK 1023270
http://www.securitytracker.com/id?1023272
SECTRACK 1023272
http://www.securitytracker.com/id?1023271
SECTRACK 1023271
http://www.securitytracker.com/id?1023274
SECTRACK 1023274
http://www.securitytracker.com/id?1023273
SECTRACK 1023273
http://www.securitytracker.com/id?1023275
SECTRACK 1023275
http://www.securitytracker.com/id?1023411
SECTRACK 1023411
http://www.securitytracker.com/id?1023426
SECTRACK 1023426
http://www.tombom.co.uk/blog/?p=85
http://www.securitytracker.com/id?1024789
SECTRACK 1024789
http://www.securitytracker.com/id?1023428
SECTRACK 1023428
http://www.securitytracker.com/id?1023427
SECTRACK 1023427
http://www.ubuntu.com/usn/USN-1010-1
UBUNTU USN-1010-1
http://www.ubuntu.com/usn/USN-927-1
UBUNTU USN-927-1
http://www.ubuntu.com/usn/USN-927-5
UBUNTU USN-927-5
http://www.ubuntu.com/usn/USN-927-4
UBUNTU USN-927-4
http://www.vmware.com/security/advisories/VMSA-2010-0019.html CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM
http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM
http://www.vupen.com/english/advisories/2009/3164
VUPEN ADV-2009-3164
http://www.vupen.com/english/advisories/2009/3165
VUPEN ADV-2009-3165
http://www.vupen.com/english/advisories/2009/3220
VUPEN ADV-2009-3220
http://www.vupen.com/english/advisories/2009/3205
VUPEN ADV-2009-3205
http://www.vupen.com/english/advisories/2009/3310
VUPEN ADV-2009-3310
http://www.vupen.com/english/advisories/2009/3521
VUPEN ADV-2009-3521
http://www.vupen.com/english/advisories/2009/3484
VUPEN ADV-2009-3484
http://www.vupen.com/english/advisories/2009/3353
VUPEN ADV-2009-3353
http://www.vupen.com/english/advisories/2009/3313
VUPEN ADV-2009-3313
http://www.vupen.com/english/advisories/2009/3354
VUPEN ADV-2009-3354
http://www.vupen.com/english/advisories/2009/3587
VUPEN ADV-2009-3587
http://www.vupen.com/english/advisories/2010/0173
VUPEN ADV-2010-0173
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CONFIRM
http://www.vupen.com/english/advisories/2010/0086
VUPEN ADV-2010-0086
http://www.vupen.com/english/advisories/2010/0848
VUPEN ADV-2010-0848
http://www.vupen.com/english/advisories/2010/0748
VUPEN ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0916
VUPEN ADV-2010-0916
http://www.vupen.com/english/advisories/2010/0982
VUPEN ADV-2010-0982
http://www.vupen.com/english/advisories/2010/0933
VUPEN ADV-2010-0933
http://www.vupen.com/english/advisories/2010/3086
VUPEN ADV-2010-3086
http://www.vupen.com/english/advisories/2010/1054
VUPEN ADV-2010-1054
http://www.vupen.com/english/advisories/2010/1107
VUPEN ADV-2010-1107
https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM
http://support.avaya.com/css/P8/documents/100114315 CONFIRM
http://www.vupen.com/english/advisories/2010/1191
VUPEN ADV-2010-1191
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
FEDORA FEDORA-2009-12775
http://www.vupen.com/english/advisories/2010/1793
VUPEN ADV-2010-1793
http://www.vupen.com/english/advisories/2010/2745
VUPEN ADV-2010-2745
http://www.vupen.com/english/advisories/2010/2010
VUPEN ADV-2010-2010
http://www.vupen.com/english/advisories/2010/1350
VUPEN ADV-2010-1350
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
http://www.vupen.com/english/advisories/2010/3069
VUPEN ADV-2010-3069
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
http://www.vupen.com/english/advisories/2010/3126
VUPEN ADV-2010-3126
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
http://www.vupen.com/english/advisories/2010/1639
VUPEN ADV-2010-1639
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533125 CONFIRM
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
FEDORA FEDORA-2009-12750
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
FEDORA FEDORA-2009-12782
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
FEDORA FEDORA-2010-5942
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
FEDORA FEDORA-2009-12604
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
FEDORA FEDORA-2009-12968
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
FEDORA FEDORA-2009-12305
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
FEDORA FEDORA-2009-12229
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
FEDORA FEDORA-2009-12606
http://www.securityfocus.com/bid/36935
BID 36935 Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Release Date:2014-09-23
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
CERT TA10-287A
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
CERT TA10-222A
http://www.kb.cert.org/vuls/id/120541
CERT-VN VU#120541

- Metasploit Modules Related To CVE-2009-3555

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.