CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Publish Date : 2009-11-09 Last Update Date : 2012-10-22

- CVSS Scores & Vulnerability Types

CVSS Score 5.8
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 310

- Vendor Statements

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491
Source: Redhat

- Additional Vendor Supplied Data

Vendor Impact CVSS Score CVSS Vector Report Date Publish Date
Redhat moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 2009-10-02 2009-11-05

- Related OVAL Definitions

Title Definition Id Class Family
AIX OpenSSL session renegotiation vulnerability oval:org.mitre.oval:def:11617 unix
CVE-2009-3555 oval:org.opensuse.security:def:20093555 unix
HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS) oval:org.mitre.oval:def:8366 unix
HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS) oval:org.mitre.oval:def:8535 unix
MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution (980436) oval:gov.nist.USGCB.patch:def:11682 windows
MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution (980436) oval:gov.nist.fdcc.patch:def:11682 windows
RHSA-2009:1579: httpd security update (Moderate) oval:com.redhat.rhsa:def:20091579 unix
RHSA-2009:1580: httpd security update (Moderate) oval:com.redhat.rhsa:def:20091580 unix
RHSA-2009:1694: java-1.6.0-ibm security update (Critical) oval:com.redhat.rhsa:def:20091694 unix
RHSA-2010:0130: java-1.5.0-ibm security update (Moderate) oval:com.redhat.rhsa:def:20100130 unix
RHSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) oval:com.redhat.rhsa:def:20100155 unix
RHSA-2010:0162: openssl security update (Important) oval:com.redhat.rhsa:def:20100162 unix
RHSA-2010:0163: openssl security update (Moderate) oval:com.redhat.rhsa:def:20100163 unix
RHSA-2010:0164: openssl097a security update (Moderate) oval:com.redhat.rhsa:def:20100164 unix
RHSA-2010:0165: nss security update (Moderate) oval:com.redhat.rhsa:def:20100165 unix
RHSA-2010:0166: gnutls security update (Moderate) oval:com.redhat.rhsa:def:20100166 unix
RHSA-2010:0167: gnutls security update (Moderate) oval:com.redhat.rhsa:def:20100167 unix
RHSA-2010:0337: java-1.6.0-sun security update (Critical) oval:com.redhat.rhsa:def:20100337 unix
RHSA-2010:0338: java-1.5.0-sun security update (Critical) oval:com.redhat.rhsa:def:20100338 unix
RHSA-2010:0339: java-1.6.0-openjdk security update (Important) oval:com.redhat.rhsa:def:20100339 unix
RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) oval:com.redhat.rhsa:def:20100768 unix
RHSA-2010:0770: java-1.6.0-sun security update (Critical) oval:com.redhat.rhsa:def:20100770 unix
RHSA-2010:0786: java-1.4.2-ibm security update (Critical) oval:com.redhat.rhsa:def:20100786 unix
RHSA-2010:0807: java-1.5.0-ibm security update (Critical) oval:com.redhat.rhsa:def:20100807 unix
RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) oval:com.redhat.rhsa:def:20100865 unix
RHSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:com.redhat.rhsa:def:20100987 unix
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Ha... oval:org.mitre.oval:def:11578 unix
Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Ha... oval:org.mitre.oval:def:7973 unix
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS... oval:org.mitre.oval:def:10088 unix
TLS/SSL Renegotiation Vulnerability oval:org.mitre.oval:def:7315 windows
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-3555

# Product Type Vendor Product Version Update Edition Language
1 Application Apache Http Server 0.8.11 Details Vulnerabilities
2 Application Apache Http Server 0.8.14 Details Vulnerabilities
3 Application Apache Http Server 1.0 Details Vulnerabilities
4 Application Apache Http Server 1.0.2 Details Vulnerabilities
5 Application Apache Http Server 1.0.3 Details Vulnerabilities
6 Application Apache Http Server 1.0.5 Details Vulnerabilities
7 Application Apache Http Server 1.1.1 Details Vulnerabilities
8 Application Apache Http Server 1.2 Details Vulnerabilities
9 Application Apache Http Server 1.2.4 Details Vulnerabilities
10 Application Apache Http Server 1.2.5 Details Vulnerabilities
11 Application Apache Http Server 1.2.6 Details Vulnerabilities
12 Application Apache Http Server 1.3 Details Vulnerabilities
13 Application Apache Http Server 1.3.0 Details Vulnerabilities
14 Application Apache Http Server 1.3.1.1 Details Vulnerabilities
15 Application Apache Http Server 1.3.2 Details Vulnerabilities
16 Application Apache Http Server 1.3.3 Details Vulnerabilities
17 Application Apache Http Server 1.3.4 Details Vulnerabilities
18 Application Apache Http Server 1.3.5 Details Vulnerabilities
19 Application Apache Http Server 1.3.6 Details Vulnerabilities
20 Application Apache Http Server 1.3.7 DEV Details Vulnerabilities
21 Application Apache Http Server 1.3.7 Details Vulnerabilities
22 Application Apache Http Server 1.3.8 Details Vulnerabilities
23 Application Apache Http Server 1.3.9 Details Vulnerabilities
24 Application Apache Http Server 1.3.11 Details Vulnerabilities
25 Application Apache Http Server 1.3.12 Details Vulnerabilities
26 Application Apache Http Server 1.3.13 Details Vulnerabilities
27 Application Apache Http Server 1.3.14 Details Vulnerabilities
28 Application Apache Http Server 1.3.15 Details Vulnerabilities
29 Application Apache Http Server 1.3.16 Details Vulnerabilities
30 Application Apache Http Server 1.3.17 Details Vulnerabilities
31 Application Apache Http Server 1.3.18 Details Vulnerabilities
32 Application Apache Http Server 1.3.19 Details Vulnerabilities
33 Application Apache Http Server 1.3.20 Details Vulnerabilities
34 Application Apache Http Server 1.3.22 Details Vulnerabilities
35 Application Apache Http Server 1.3.23 Details Vulnerabilities
36 Application Apache Http Server 1.3.24 Details Vulnerabilities
37 Application Apache Http Server 1.3.25 Details Vulnerabilities
38 Application Apache Http Server 1.3.26 Details Vulnerabilities
39 Application Apache Http Server 1.3.27 Details Vulnerabilities
40 Application Apache Http Server 1.3.28 Details Vulnerabilities
41 Application Apache Http Server 1.3.29 Details Vulnerabilities
42 Application Apache Http Server 1.3.30 Details Vulnerabilities
43 Application Apache Http Server 1.3.31 Details Vulnerabilities
44 Application Apache Http Server 1.3.32 Details Vulnerabilities
45 Application Apache Http Server 1.3.33 Details Vulnerabilities
46 Application Apache Http Server 1.3.34 Details Vulnerabilities
47 Application Apache Http Server 1.3.35 Details Vulnerabilities
48 Application Apache Http Server 1.3.36 Details Vulnerabilities
49 Application Apache Http Server 1.3.37 Details Vulnerabilities
50 Application Apache Http Server 1.3.38 Details Vulnerabilities
51 Application Apache Http Server 1.3.39 Details Vulnerabilities
52 Application Apache Http Server 1.3.65 Details Vulnerabilities
53 Application Apache Http Server 1.3.68 Details Vulnerabilities
54 Application Apache Http Server 1.4.0 Details Vulnerabilities
55 Application Apache Http Server 1.99 Details Vulnerabilities
56 Application Apache Http Server 2.0 Details Vulnerabilities
57 Application Apache Http Server 2.0.9 Details Vulnerabilities
58 Application Apache Http Server 2.0.28 Beta Details Vulnerabilities
59 Application Apache Http Server 2.0.28 Details Vulnerabilities
60 Application Apache Http Server 2.0.32 Beta Details Vulnerabilities
61 Application Apache Http Server 2.0.32 Details Vulnerabilities
62 Application Apache Http Server 2.0.34 Beta Details Vulnerabilities
63 Application Apache Http Server 2.0.35 Details Vulnerabilities
64 Application Apache Http Server 2.0.36 Details Vulnerabilities
65 Application Apache Http Server 2.0.37 Details Vulnerabilities
66 Application Apache Http Server 2.0.38 Details Vulnerabilities
67 Application Apache Http Server 2.0.39 Details Vulnerabilities
68 Application Apache Http Server 2.0.40 Details Vulnerabilities
69 Application Apache Http Server 2.0.41 Details Vulnerabilities
70 Application Apache Http Server 2.0.42 Details Vulnerabilities
71 Application Apache Http Server 2.0.43 Details Vulnerabilities
72 Application Apache Http Server 2.0.44 Details Vulnerabilities
73 Application Apache Http Server 2.0.45 Details Vulnerabilities
74 Application Apache Http Server 2.0.46 Win32 Details Vulnerabilities
75 Application Apache Http Server 2.0.46 Details Vulnerabilities
76 Application Apache Http Server 2.0.47 Details Vulnerabilities
77 Application Apache Http Server 2.0.48 Details Vulnerabilities
78 Application Apache Http Server 2.0.49 Details Vulnerabilities
79 Application Apache Http Server 2.0.50 Details Vulnerabilities
80 Application Apache Http Server 2.0.51 Details Vulnerabilities
81 Application Apache Http Server 2.0.52 Details Vulnerabilities
82 Application Apache Http Server 2.0.53 Details Vulnerabilities
83 Application Apache Http Server 2.0.54 Details Vulnerabilities
84 Application Apache Http Server 2.0.55 Details Vulnerabilities
85 Application Apache Http Server 2.0.56 Details Vulnerabilities
86 Application Apache Http Server 2.0.57 Details Vulnerabilities
87 Application Apache Http Server 2.0.58 Win32 Details Vulnerabilities
88 Application Apache Http Server 2.0.58 Details Vulnerabilities
89 Application Apache Http Server 2.0.59 Details Vulnerabilities
90 Application Apache Http Server 2.0.60 Details Vulnerabilities
91 Application Apache Http Server 2.0.61 Details Vulnerabilities
92 Application Apache Http Server 2.0.63 Details Vulnerabilities
93 Application Apache Http Server 2.1.1 Details Vulnerabilities
94 Application Apache Http Server 2.1.2 Details Vulnerabilities
95 Application Apache Http Server 2.1.3 Details Vulnerabilities
96 Application Apache Http Server 2.1.4 Details Vulnerabilities
97 Application Apache Http Server 2.1.5 Details Vulnerabilities
98 Application Apache Http Server 2.1.6 Details Vulnerabilities
99 Application Apache Http Server 2.1.7 Details Vulnerabilities
100 Application Apache Http Server 2.1.8 Details Vulnerabilities
101 Application Apache Http Server 2.1.9 Details Vulnerabilities
102 Application Apache Http Server 2.2 Details Vulnerabilities
103 Application Apache Http Server 2.2.0 Details Vulnerabilities
104 Application Apache Http Server 2.2.1 Details Vulnerabilities
105 Application Apache Http Server 2.2.2 Details Vulnerabilities
106 Application Apache Http Server 2.2.3 Details Vulnerabilities
107 Application Apache Http Server 2.2.4 Details Vulnerabilities
108 Application Apache Http Server 2.2.5 Details Vulnerabilities
109 Application Apache Http Server 2.2.6 Details Vulnerabilities
110 Application Apache Http Server 2.2.7 Details Vulnerabilities
111 Application Apache Http Server 2.2.8 Details Vulnerabilities
112 Application Apache Http Server 2.2.10 Details Vulnerabilities
113 Application Apache Http Server 2.2.11 Details Vulnerabilities
114 Application Apache Http Server 2.2.12 Details Vulnerabilities
115 Application Apache Http Server 2.2.13 Details Vulnerabilities
116 Application GNU Gnutls 1.0.16 Details Vulnerabilities
117 Application GNU Gnutls 1.0.17 Details Vulnerabilities
118 Application GNU Gnutls 1.0.18 Details Vulnerabilities
119 Application GNU Gnutls 1.0.19 Details Vulnerabilities
120 Application GNU Gnutls 1.0.20 Details Vulnerabilities
121 Application GNU Gnutls 1.0.21 Details Vulnerabilities
122 Application GNU Gnutls 1.0.22 Details Vulnerabilities
123 Application GNU Gnutls 1.0.23 Details Vulnerabilities
124 Application GNU Gnutls 1.0.24 Details Vulnerabilities
125 Application GNU Gnutls 1.0.25 Details Vulnerabilities
126 Application GNU Gnutls 1.1.13 Details Vulnerabilities
127 Application GNU Gnutls 1.1.14 Details Vulnerabilities
128 Application GNU Gnutls 1.1.15 Details Vulnerabilities
129 Application GNU Gnutls 1.1.16 Details Vulnerabilities
130 Application GNU Gnutls 1.1.17 Details Vulnerabilities
131 Application GNU Gnutls 1.1.18 Details Vulnerabilities
132 Application GNU Gnutls 1.1.19 Details Vulnerabilities
133 Application GNU Gnutls 1.1.20 Details Vulnerabilities
134 Application GNU Gnutls 1.1.21 Details Vulnerabilities
135 Application GNU Gnutls 1.1.22 Details Vulnerabilities
136 Application GNU Gnutls 1.1.23 Details Vulnerabilities
137 Application GNU Gnutls 1.2.0 Details Vulnerabilities
138 Application GNU Gnutls 1.2.1 Details Vulnerabilities
139 Application GNU Gnutls 1.2.2 Details Vulnerabilities
140 Application GNU Gnutls 1.2.3 Details Vulnerabilities
141 Application GNU Gnutls 1.2.4 Details Vulnerabilities
142 Application GNU Gnutls 1.2.5 Details Vulnerabilities
143 Application GNU Gnutls 1.2.6 Details Vulnerabilities
144 Application GNU Gnutls 1.2.7 Details Vulnerabilities
145 Application GNU Gnutls 1.2.8 Details Vulnerabilities
146 Application GNU Gnutls 1.2.8.1a1 Details Vulnerabilities
147 Application GNU Gnutls 1.2.9 Details Vulnerabilities
148 Application GNU Gnutls 1.2.10 Details Vulnerabilities
149 Application GNU Gnutls 1.2.11 Details Vulnerabilities
150 Application GNU Gnutls 1.3.0 Details Vulnerabilities
151 Application GNU Gnutls 1.3.1 Details Vulnerabilities
152 Application GNU Gnutls 1.3.2 Details Vulnerabilities
153 Application GNU Gnutls 1.3.3 Details Vulnerabilities
154 Application GNU Gnutls 1.3.4 Details Vulnerabilities
155 Application GNU Gnutls 1.3.5 Details Vulnerabilities
156 Application GNU Gnutls 1.4.0 Details Vulnerabilities
157 Application GNU Gnutls 1.4.1 Details Vulnerabilities
158 Application GNU Gnutls 1.4.2 Details Vulnerabilities
159 Application GNU Gnutls 1.4.3 Details Vulnerabilities
160 Application GNU Gnutls 1.4.4 Details Vulnerabilities
161 Application GNU Gnutls 1.4.5 Details Vulnerabilities
162 Application GNU Gnutls 1.5.0 Details Vulnerabilities
163 Application GNU Gnutls 1.5.1 Details Vulnerabilities
164 Application GNU Gnutls 1.5.2 Details Vulnerabilities
165 Application GNU Gnutls 1.5.3 Details Vulnerabilities
166 Application GNU Gnutls 1.5.4 Details Vulnerabilities
167 Application GNU Gnutls 1.5.5 Details Vulnerabilities
168 Application GNU Gnutls 1.6.0 Details Vulnerabilities
169 Application GNU Gnutls 1.6.1 Details Vulnerabilities
170 Application GNU Gnutls 1.6.2 Details Vulnerabilities
171 Application GNU Gnutls 1.6.3 Details Vulnerabilities
172 Application GNU Gnutls 1.7.0 Details Vulnerabilities
173 Application GNU Gnutls 1.7.1 Details Vulnerabilities
174 Application GNU Gnutls 1.7.2 Details Vulnerabilities
175 Application GNU Gnutls 1.7.3 Details Vulnerabilities
176 Application GNU Gnutls 1.7.4 Details Vulnerabilities
177 Application GNU Gnutls 1.7.5 Details Vulnerabilities
178 Application GNU Gnutls 1.7.6 Details Vulnerabilities
179 Application GNU Gnutls 1.7.7 Details Vulnerabilities
180 Application GNU Gnutls 1.7.8 Details Vulnerabilities
181 Application GNU Gnutls 1.7.9 Details Vulnerabilities
182 Application GNU Gnutls 1.7.10 Details Vulnerabilities
183 Application GNU Gnutls 1.7.11 Details Vulnerabilities
184 Application GNU Gnutls 1.7.12 Details Vulnerabilities
185 Application GNU Gnutls 1.7.13 Details Vulnerabilities
186 Application GNU Gnutls 1.7.14 Details Vulnerabilities
187 Application GNU Gnutls 1.7.15 Details Vulnerabilities
188 Application GNU Gnutls 1.7.16 Details Vulnerabilities
189 Application GNU Gnutls 1.7.17 Details Vulnerabilities
190 Application GNU Gnutls 1.7.18 Details Vulnerabilities
191 Application GNU Gnutls 1.7.19 Details Vulnerabilities
192 Application GNU Gnutls 2.0.0 Details Vulnerabilities
193 Application GNU Gnutls 2.0.1 Details Vulnerabilities
194 Application GNU Gnutls 2.0.2 Details Vulnerabilities
195 Application GNU Gnutls 2.0.3 Details Vulnerabilities
196 Application GNU Gnutls 2.0.4 Details Vulnerabilities
197 Application GNU Gnutls 2.1.0 Details Vulnerabilities
198 Application GNU Gnutls 2.1.1 Details Vulnerabilities
199 Application GNU Gnutls 2.1.2 Details Vulnerabilities
200 Application GNU Gnutls 2.1.3 Details Vulnerabilities
201 Application GNU Gnutls 2.1.4 Details Vulnerabilities
202 Application GNU Gnutls 2.1.5 Details Vulnerabilities
203 Application GNU Gnutls 2.1.6 Details Vulnerabilities
204 Application GNU Gnutls 2.1.7 Details Vulnerabilities
205 Application GNU Gnutls 2.1.8 Details Vulnerabilities
206 Application GNU Gnutls 2.2.0 Details Vulnerabilities
207 Application GNU Gnutls 2.2.1 Details Vulnerabilities
208 Application GNU Gnutls 2.2.2 Details Vulnerabilities
209 Application GNU Gnutls 2.2.3 Details Vulnerabilities
210 Application GNU Gnutls 2.2.4 Details Vulnerabilities
211 Application GNU Gnutls 2.2.5 Details Vulnerabilities
212 Application GNU Gnutls 2.3.0 Details Vulnerabilities
213 Application GNU Gnutls 2.3.1 Details Vulnerabilities
214 Application GNU Gnutls 2.3.2 Details Vulnerabilities
215 Application GNU Gnutls 2.3.3 Details Vulnerabilities
216 Application GNU Gnutls 2.3.4 Details Vulnerabilities
217 Application GNU Gnutls 2.3.5 Details Vulnerabilities
218 Application GNU Gnutls 2.3.6 Details Vulnerabilities
219 Application GNU Gnutls 2.3.7 Details Vulnerabilities
220 Application GNU Gnutls 2.3.8 Details Vulnerabilities
221 Application GNU Gnutls 2.3.9 Details Vulnerabilities
222 Application GNU Gnutls 2.3.10 Details Vulnerabilities
223 Application GNU Gnutls 2.3.11 Details Vulnerabilities
224 Application GNU Gnutls 2.4.0 Details Vulnerabilities
225 Application GNU Gnutls 2.4.1 Details Vulnerabilities
226 Application GNU Gnutls 2.4.2 Details Vulnerabilities
227 Application GNU Gnutls 2.5.0 Details Vulnerabilities
228 Application GNU Gnutls 2.6.0 Details Vulnerabilities
229 Application GNU Gnutls 2.6.1 Details Vulnerabilities
230 Application GNU Gnutls 2.6.2 Details Vulnerabilities
231 Application GNU Gnutls 2.6.3 Details Vulnerabilities
232 Application GNU Gnutls 2.6.4 Details Vulnerabilities
233 Application GNU Gnutls 2.6.5 Details Vulnerabilities
234 Application GNU Gnutls 2.6.6 Details Vulnerabilities
235 Application GNU Gnutls 2.8.0 Details Vulnerabilities
236 Application GNU Gnutls 2.8.1 Details Vulnerabilities
237 Application Microsoft IIS 7.0 Details Vulnerabilities
238 Application Mozilla NSS 3.0 Details Vulnerabilities
239 Application Mozilla NSS 3.2 Details Vulnerabilities
240 Application Mozilla NSS 3.2.1 Details Vulnerabilities
241 Application Mozilla NSS 3.3 Details Vulnerabilities
242 Application Mozilla NSS 3.3.1 Details Vulnerabilities
243 Application Mozilla NSS 3.3.2 Details Vulnerabilities
244 Application Mozilla NSS 3.4 Details Vulnerabilities
245 Application Mozilla NSS 3.4.1 Details Vulnerabilities
246 Application Mozilla NSS 3.4.2 Details Vulnerabilities
247 Application Mozilla NSS 3.4.3 Details Vulnerabilities
248 Application Mozilla NSS 3.5 Details Vulnerabilities
249 Application Mozilla NSS 3.6 Details Vulnerabilities
250 Application Mozilla NSS 3.6.1 Details Vulnerabilities
251 Application Mozilla NSS 3.7 Details Vulnerabilities
252 Application Mozilla NSS 3.7.1 Details Vulnerabilities
253 Application Mozilla NSS 3.7.2 Details Vulnerabilities
254 Application Mozilla NSS 3.7.3 Details Vulnerabilities
255 Application Mozilla NSS 3.7.5 Details Vulnerabilities
256 Application Mozilla NSS 3.7.7 Details Vulnerabilities
257 Application Mozilla NSS 3.8 Details Vulnerabilities
258 Application Mozilla NSS 3.9 Details Vulnerabilities
259 Application Mozilla NSS 3.9.5 Details Vulnerabilities
260 Application Mozilla NSS 3.10 Details Vulnerabilities
261 Application Mozilla NSS 3.11.2 Details Vulnerabilities
262 Application Mozilla NSS 3.11.4 Details Vulnerabilities
263 Application Mozilla NSS 3.11.7 Details Vulnerabilities
264 Application Mozilla NSS 3.11.8 Details Vulnerabilities
265 Application Mozilla NSS 3.12 Details Vulnerabilities
266 Application Mozilla NSS 3.12.1 Details Vulnerabilities
267 Application Mozilla NSS 3.12.2 Details Vulnerabilities
268 Application Openssl Openssl 0.9.1c Details Vulnerabilities
269 Application Openssl Openssl 0.9.2b Details Vulnerabilities
270 Application Openssl Openssl 0.9.3a Details Vulnerabilities
271 Application Openssl Openssl 0.9.3 Details Vulnerabilities
272 Application Openssl Openssl 0.9.4 Details Vulnerabilities
273 Application Openssl Openssl 0.9.5a Beta2 Details Vulnerabilities
274 Application Openssl Openssl 0.9.5 Beta2 Details Vulnerabilities
275 Application Openssl Openssl 0.9.5 Details Vulnerabilities
276 Application Openssl Openssl 0.9.5a Details Vulnerabilities
277 Application Openssl Openssl 0.9.5 Beta1 Details Vulnerabilities
278 Application Openssl Openssl 0.9.5a Beta1 Details Vulnerabilities
279 Application Openssl Openssl 0.9.6a Details Vulnerabilities
280 Application Openssl Openssl 0.9.6k Details Vulnerabilities
281 Application Openssl Openssl 0.9.6h Details Vulnerabilities
282 Application Openssl Openssl 0.9.6 Beta2 Details Vulnerabilities
283 Application Openssl Openssl 0.9.6a Beta1 Details Vulnerabilities
284 Application Openssl Openssl 0.9.6j Details Vulnerabilities
285 Application Openssl Openssl 0.9.6c Details Vulnerabilities
286 Application Openssl Openssl 0.9.6 Beta3 Details Vulnerabilities
287 Application Openssl Openssl 0.9.6a Beta2 Details Vulnerabilities
288 Application Openssl Openssl 0.9.6m Details Vulnerabilities
289 Application Openssl Openssl 0.9.6b Details Vulnerabilities
290 Application Openssl Openssl 0.9.6g Details Vulnerabilities
291 Application Openssl Openssl 0.9.6a Beta3 Details Vulnerabilities
292 Application Openssl Openssl 0.9.6l Details Vulnerabilities
293 Application Openssl Openssl 0.9.6e Details Vulnerabilities
294 Application Openssl Openssl 0.9.6f Details Vulnerabilities
295 Application Openssl Openssl 0.9.6 Details Vulnerabilities
296 Application Openssl Openssl 0.9.6d Details Vulnerabilities
297 Application Openssl Openssl 0.9.6i Details Vulnerabilities
298 Application Openssl Openssl 0.9.6 Beta1 Details Vulnerabilities
299 Application Openssl Openssl 0.9.7 Beta1 Details Vulnerabilities
300 Application Openssl Openssl 0.9.7h Details Vulnerabilities
301 Application Openssl Openssl 0.9.7 Beta5 Details Vulnerabilities
302 Application Openssl Openssl 0.9.7j Details Vulnerabilities
303 Application Openssl Openssl 0.9.7 Details Vulnerabilities
304 Application Openssl Openssl 0.9.7i Details Vulnerabilities
305 Application Openssl Openssl 0.9.7d Details Vulnerabilities
306 Application Openssl Openssl 0.9.7k Details Vulnerabilities
307 Application Openssl Openssl 0.9.7m Details Vulnerabilities
308 Application Openssl Openssl 0.9.7 Beta3 Details Vulnerabilities
309 Application Openssl Openssl 0.9.7f Details Vulnerabilities
310 Application Openssl Openssl 0.9.7l Details Vulnerabilities
311 Application Openssl Openssl 0.9.7e Details Vulnerabilities
312 Application Openssl Openssl 0.9.7 Beta6 Details Vulnerabilities
313 Application Openssl Openssl 0.9.7 Beta2 Details Vulnerabilities
314 Application Openssl Openssl 0.9.7g Details Vulnerabilities
315 Application Openssl Openssl 0.9.7b Details Vulnerabilities
316 Application Openssl Openssl 0.9.7a Details Vulnerabilities
317 Application Openssl Openssl 0.9.7c Details Vulnerabilities
318 Application Openssl Openssl 0.9.7 Beta4 Details Vulnerabilities
319 Application Openssl Openssl 0.9.8h Details Vulnerabilities
320 Application Openssl Openssl 0.9.8b Details Vulnerabilities
321 Application Openssl Openssl 0.9.8f Details Vulnerabilities
322 Application Openssl Openssl 0.9.8d Details Vulnerabilities
323 Application Openssl Openssl 0.9.8e Details Vulnerabilities
324 Application Openssl Openssl 0.9.8 Details Vulnerabilities
325 Application Openssl Openssl 0.9.8g Details Vulnerabilities
326 Application Openssl Openssl 0.9.8c Details Vulnerabilities
327 Application Openssl Openssl 0.9.8a Details Vulnerabilities
328 Application Openssl Openssl 1.0 Openvms Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Apache Http Server 115
GNU Gnutls 121
Microsoft IIS 1
Mozilla NSS 30
Openssl Openssl 61

- References For CVE-2009-3555

http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://www.vupen.com/english/advisories/2010/3069
VUPEN ADV-2010-3069
http://www.vupen.com/english/advisories/2010/2745
VUPEN ADV-2010-2745
http://www.vupen.com/english/advisories/2010/2010
VUPEN ADV-2010-2010
http://www.vupen.com/english/advisories/2010/1793
VUPEN ADV-2010-1793
http://www.vupen.com/english/advisories/2010/1673
VUPEN ADV-2010-1673
http://www.vupen.com/english/advisories/2010/1639
VUPEN ADV-2010-1639
http://clicky.me/tlsvuln
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during CONFIRM
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
MLIST [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 CONFIRM
http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
HP HPSBUX02482
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
HP HPSBGN02562
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HP HPSBMA02547
http://kbase.redhat.com/faq/docs/DOC-20491 CONFIRM
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
APPLE APPLE-SA-2010-05-18-1
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
APPLE APPLE-SA-2010-05-18-2
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
APPLE APPLE-SA-2010-01-19-1
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
FEDORA FEDORA-2010-5357
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
FEDORA FEDORA-2010-5942
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
FEDORA FEDORA-2010-6131
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
FEDORA FEDORA-2010-16312
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
FEDORA FEDORA-2010-16294
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
FEDORA FEDORA-2010-16240
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
MLIST [gnutls-devel] 20091105 Re: TLS renegotiation MITM
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
SUSE SUSE-SA:2009:057
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SUSE SUSE-SR:2010:008
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SUSE SUSE-SR:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SUSE SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
SUSE SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
SUSE SUSE-SA:2010:061
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
SUSE SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
SUSE openSUSE-SU-2011:0845
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SUSE SUSE-SU-2011:0847
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP HPSBOV02683
http://marc.info/?l=bugtraq&m=127419602507642&w=2
HP SSRT090180
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HP HPSBHF02706
http://openbsd.org/errata45.html#010_openssl
OPENBSD [4.5] 010: SECURITY FIX: November 26, 2009
http://marc.info/?l=cryptography&m=125752275331877&w=2
MLIST [cryptography] 20091105 OpenSSL 0.9.8l released
http://osvdb.org/60521
OSVDB 60521
http://openbsd.org/errata46.html#004_openssl
OPENBSD [4.6] 004: SECURITY FIX: November 26, 2009
http://osvdb.org/62210
OSVDB 62210
http://osvdb.org/60972
OSVDB 60972
http://secunia.com/advisories/37291
SECUNIA 37291
http://seclists.org/fulldisclosure/2009/Nov/139
FULLDISC 20091111 Re: SSL/TLS MiTM PoC
http://osvdb.org/65202
OSVDB 65202
http://secunia.com/advisories/37320
SECUNIA 37320
http://secunia.com/advisories/37292
SECUNIA 37292
http://secunia.com/advisories/37399
SECUNIA 37399
http://secunia.com/advisories/37383
SECUNIA 37383
http://secunia.com/advisories/37501
SECUNIA 37501
http://secunia.com/advisories/37453
SECUNIA 37453
http://secunia.com/advisories/37604
SECUNIA 37604
http://secunia.com/advisories/37504
SECUNIA 37504
http://secunia.com/advisories/37656
SECUNIA 37656
http://secunia.com/advisories/37640
SECUNIA 37640
http://secunia.com/advisories/37859
SECUNIA 37859
http://secunia.com/advisories/37675
SECUNIA 37675
http://secunia.com/advisories/38020
SECUNIA 38020
http://secunia.com/advisories/38003
SECUNIA 38003
http://secunia.com/advisories/38241
SECUNIA 38241
http://secunia.com/advisories/38056
SECUNIA 38056
http://secunia.com/advisories/38687
SECUNIA 38687
http://secunia.com/advisories/38484
SECUNIA 38484
http://secunia.com/advisories/39243
SECUNIA 39243
http://secunia.com/advisories/38781
SECUNIA 38781
http://secunia.com/advisories/39127
SECUNIA 39127
http://secunia.com/advisories/39242
SECUNIA 39242
http://secunia.com/advisories/39136
SECUNIA 39136
http://secunia.com/advisories/39278
SECUNIA 39278
http://secunia.com/advisories/39292
SECUNIA 39292
http://secunia.com/advisories/39461
SECUNIA 39461
http://secunia.com/advisories/39317
SECUNIA 39317
http://secunia.com/advisories/39500
SECUNIA 39500
http://secunia.com/advisories/39628
SECUNIA 39628
http://secunia.com/advisories/40070
SECUNIA 40070
http://secunia.com/advisories/39819
SECUNIA 39819
http://secunia.com/advisories/42724
SECUNIA 42724
http://secunia.com/advisories/42467
SECUNIA 42467
http://secunia.com/advisories/42379
SECUNIA 42379
http://secunia.com/advisories/42377
SECUNIA 42377
http://secunia.com/advisories/41972
SECUNIA 41972
http://secunia.com/advisories/41967
SECUNIA 41967
http://secunia.com/advisories/41490
SECUNIA 41490
http://secunia.com/advisories/40866
SECUNIA 40866
http://secunia.com/advisories/40747
SECUNIA 40747
http://secunia.com/advisories/40545
SECUNIA 40545
http://secunia.com/advisories/39713
SECUNIA 39713
http://secunia.com/advisories/41480
SECUNIA 41480
http://secunia.com/advisories/42808
SECUNIA 42808
http://secunia.com/advisories/42733
SECUNIA 42733
http://secunia.com/advisories/42816
SECUNIA 42816
http://secunia.com/advisories/42811
SECUNIA 42811
http://secunia.com/advisories/43308
SECUNIA 43308
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
MLIST [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
MANDRIVA MDVSA-2010:084
http://secunia.com/advisories/44183
SECUNIA 44183
http://secunia.com/advisories/44954
SECUNIA 44954
http://secunia.com/advisories/48577
SECUNIA 48577
http://security.gentoo.org/glsa/glsa-200912-01.xml
GENTOO GLSA-200912-01
http://security.gentoo.org/glsa/glsa-201203-22.xml
GENTOO GLSA-201203-22
http://securitytracker.com/id?1023148
SECTRACK 1023148
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
SLACKWARE SSA:2009-320-01
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
SUNALERT 273350
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
SUNALERT 273029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
SUNALERT 274990
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
SUNALERT 1021653
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
SUNALERT 1021752
http://support.apple.com/kb/HT4004 CONFIRM
http://support.apple.com/kb/HT4170 CONFIRM
http://support.apple.com/kb/HT4171 CONFIRM
http://support.avaya.com/css/P8/documents/100070150 CONFIRM
http://support.avaya.com/css/P8/documents/100081611 CONFIRM
http://support.avaya.com/css/P8/documents/100114315 CONFIRM
http://support.avaya.com/css/P8/documents/100114327 CONFIRM
http://support.citrix.com/article/CTX123359 CONFIRM
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES CONFIRM
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released CONFIRM
http://sysoev.ru/nginx/patch.cve-2009-3555.txt CONFIRM
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html CONFIRM
http://ubuntu.com/usn/usn-923-1
UBUNTU USN-923-1
http://wiki.rpath.com/Advisories:rPSA-2009-0155 CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/20/1
MLIST [oss-security] 20091120 CVEs for nginx
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 CONFIRM
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
AIXAPAR PM00675
http://www.arubanetworks.com/support/alerts/aid-020810.txt CONFIRM
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
CISCO 20091109 Transport Layer Security Renegotiation Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
AIXAPAR IC68055
http://www.debian.org/security/2011/dsa-2141
DEBIAN DSA-2141
http://www.debian.org/security/2009/dsa-1934
DEBIAN DSA-1934
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
MLIST [tls] 20091104 TLS renegotiation issue
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
AIXAPAR PM12247
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html CONFIRM
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HP SSRT100219
http://www.ingate.com/Relnote.php?ver=481 CONFIRM
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html CONFIRM
http://www.links.org/?p=789
http://www.openwall.com/lists/oss-security/2009/11/07/3
MLIST [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
MANDRIVA MDVSA-2010:076
http://www.openwall.com/lists/oss-security/2009/11/05/5
MLIST [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/05/3
MLIST [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openoffice.org/security/cves/CVE-2009-3555.html CONFIRM
http://www.opera.com/support/search/view/944/ CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/06/3
MLIST [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
AIXAPAR IC68054
http://www.opera.com/docs/changelogs/unix/1060/ CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/23/10
MLIST [oss-security] 20091123 Re: CVEs for nginx
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0119.html
REDHAT RHSA-2010:0119
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c CONFIRM
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0155.html
REDHAT RHSA-2010:0155
http://www.redhat.com/support/errata/RHSA-2010-0130.html
REDHAT RHSA-2010:0130
http://www.redhat.com/support/errata/RHSA-2010-0770.html
REDHAT RHSA-2010:0770
http://www.redhat.com/support/errata/RHSA-2010-0768.html
REDHAT RHSA-2010:0768
http://www.redhat.com/support/errata/RHSA-2010-0339.html
REDHAT RHSA-2010:0339
http://www.redhat.com/support/errata/RHSA-2010-0338.html
REDHAT RHSA-2010:0338
http://www.redhat.com/support/errata/RHSA-2010-0337.html
REDHAT RHSA-2010:0337
http://www.redhat.com/support/errata/RHSA-2010-0167.html
REDHAT RHSA-2010:0167
http://www.redhat.com/support/errata/RHSA-2010-0165.html
REDHAT RHSA-2010:0165
http://www.redhat.com/support/errata/RHSA-2011-0880.html
REDHAT RHSA-2011:0880
http://www.redhat.com/support/errata/RHSA-2010-0807.html
REDHAT RHSA-2010:0807
http://www.redhat.com/support/errata/RHSA-2010-0986.html
REDHAT RHSA-2010:0986
http://www.securityfocus.com/archive/1/522176
HP HPSBMU02759
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.redhat.com/support/errata/RHSA-2010-0865.html
REDHAT RHSA-2010:0865
http://www.securitytracker.com/id?1023163
SECTRACK 1023163
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/archive/1/515055/100/0/threaded
BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
http://www.securityfocus.com/archive/1/archive/1/508130/100/0/threaded
BUGTRAQ 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
http://www.securityfocus.com/archive/1/archive/1/508075/100/0/threaded
BUGTRAQ 20091124 rPSA-2009-0155-1 httpd mod_ssl
http://www.securityfocus.com/archive/1/archive/1/507952/100/0/threaded
BUGTRAQ 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
http://www.vupen.com/english/advisories/2010/1191
VUPEN ADV-2010-1191
http://www.redhat.com/support/errata/RHSA-2010-0786.html
REDHAT RHSA-2010:0786
http://www.redhat.com/support/errata/RHSA-2010-0987.html
REDHAT RHSA-2010:0987
http://www.betanews.com/article/1257452450
http://www.ubuntu.com/usn/USN-927-5
UBUNTU USN-927-5
http://www.ubuntu.com/usn/USN-927-4
UBUNTU USN-927-4
http://www.ubuntu.com/usn/USN-927-1
UBUNTU USN-927-1
http://www.ubuntu.com/usn/USN-1010-1
UBUNTU USN-1010-1
http://www.tombom.co.uk/blog/?p=85
http://www.securitytracker.com/id?1023205
SECTRACK 1023205
http://www.securitytracker.com/id?1023204
SECTRACK 1023204
http://www.securitytracker.com/id?1023271
SECTRACK 1023271
http://www.securitytracker.com/id?1023270
SECTRACK 1023270
http://www.securitytracker.com/id?1023243
SECTRACK 1023243
http://www.securitytracker.com/id?1023224
SECTRACK 1023224
http://www.securitytracker.com/id?1023206
SECTRACK 1023206
http://www.securitytracker.com/id?1023208
SECTRACK 1023208
http://www.securitytracker.com/id?1023207
SECTRACK 1023207
http://www.securitytracker.com/id?1023212
SECTRACK 1023212
http://www.securitytracker.com/id?1023211
SECTRACK 1023211
http://www.securitytracker.com/id?1023210
SECTRACK 1023210
http://www.securitytracker.com/id?1023209
SECTRACK 1023209
http://www.securitytracker.com/id?1023217
SECTRACK 1023217
http://www.securitytracker.com/id?1023213
SECTRACK 1023213
http://www.securitytracker.com/id?1023216
SECTRACK 1023216
http://www.securitytracker.com/id?1023215
SECTRACK 1023215
http://www.securitytracker.com/id?1023218
SECTRACK 1023218
http://www.securitytracker.com/id?1023219
SECTRACK 1023219
http://www.securitytracker.com/id?1023273
SECTRACK 1023273
http://www.securitytracker.com/id?1023272
SECTRACK 1023272
http://www.securitytracker.com/id?1023274
SECTRACK 1023274
http://www.securitytracker.com/id?1023427
SECTRACK 1023427
http://www.securitytracker.com/id?1023426
SECTRACK 1023426
http://www.securitytracker.com/id?1023411
SECTRACK 1023411
http://www.securitytracker.com/id?1023214
SECTRACK 1023214
http://www.securitytracker.com/id?1023275
SECTRACK 1023275
http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
AIXAPAR IC67848
http://www.securitytracker.com/id?1023428
SECTRACK 1023428
http://www.vupen.com/english/advisories/2009/3313
VUPEN ADV-2009-3313
http://www.securitytracker.com/id?1024789
SECTRACK 1024789
http://www.vmware.com/security/advisories/VMSA-2010-0019.html CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM
http://www.vupen.com/english/advisories/2009/3353
VUPEN ADV-2009-3353
http://www.vupen.com/english/advisories/2009/3164
VUPEN ADV-2009-3164
http://www.vupen.com/english/advisories/2009/3165
VUPEN ADV-2009-3165
http://www.vupen.com/english/advisories/2009/3205
VUPEN ADV-2009-3205
http://www.vupen.com/english/advisories/2009/3220
VUPEN ADV-2009-3220
http://www.vupen.com/english/advisories/2009/3310
VUPEN ADV-2009-3310
http://www.vupen.com/english/advisories/2009/3521
VUPEN ADV-2009-3521
http://www.vupen.com/english/advisories/2009/3484
VUPEN ADV-2009-3484
http://www.vupen.com/english/advisories/2009/3354
VUPEN ADV-2009-3354
http://www.vupen.com/english/advisories/2010/0173
VUPEN ADV-2010-0173
http://www.vupen.com/english/advisories/2009/3587
VUPEN ADV-2009-3587
http://www.vupen.com/english/advisories/2010/0848
VUPEN ADV-2010-0848
http://www.vupen.com/english/advisories/2010/0086
VUPEN ADV-2010-0086
http://www.vupen.com/english/advisories/2010/0748
VUPEN ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0994
VUPEN ADV-2010-0994
http://www.vupen.com/english/advisories/2010/0933
VUPEN ADV-2010-0933
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
FEDORA FEDORA-2009-12229
http://www.vupen.com/english/advisories/2010/0916
VUPEN ADV-2010-0916
http://www.vupen.com/english/advisories/2010/0982
VUPEN ADV-2010-0982
http://www.vupen.com/english/advisories/2010/3126
VUPEN ADV-2010-3126
http://www.vupen.com/english/advisories/2010/1054
VUPEN ADV-2010-1054
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
FEDORA FEDORA-2009-12604
http://www.vupen.com/english/advisories/2010/1107
VUPEN ADV-2010-1107
http://www.vupen.com/english/advisories/2010/3086
VUPEN ADV-2010-3086
http://www.vupen.com/english/advisories/2011/0032
VUPEN ADV-2011-0032
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
http://www.vupen.com/english/advisories/2011/0033
VUPEN ADV-2011-0033
http://www.vupen.com/english/advisories/2011/0086
VUPEN ADV-2011-0086
http://xforce.iss.net/xforce/xfdb/54158
XF tls-renegotiation-weak-security(54158)
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
FEDORA FEDORA-2009-12782
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://bugzilla.redhat.com/show_bug.cgi?id=533125 CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM
http://technet.microsoft.com/en-us/security/bulletin/ms10-049
Microsoft Security Bulletin MS10-049: Vulnerabilities in SChannel Could Allow Remote Code Execution (980436). This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
FEDORA FEDORA-2009-12750
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
FEDORA FEDORA-2009-12968
http://www.vupen.com/english/advisories/2010/1350
VUPEN ADV-2010-1350
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
FEDORA FEDORA-2009-12606
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
FEDORA FEDORA-2009-12305
http://secunia.com/advisories/39632
SECUNIA 39632
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
FEDORA FEDORA-2009-12775
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
MANDRIVA MDVSA-2010:089
http://www.securityfocus.com/bid/36935
BID 36935 Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability (Release Date: 2013-03-07)
http://www.kb.cert.org/vuls/id/120541
CERT-VN VU#120541
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
CERT TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
CERT TA10-287A

- Metasploit Modules Related To CVE-2009-3555

There are no Metasploit modules related to this vulnerability. (Please visit www.metasploit.com for more information.)

