CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Publish Date : 2009-11-09 Last Update Date : 2023-02-13

- CVSS Scores & Vulnerability Types

CVSS Score 5.8
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 295

- Vendor Statements

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491
Source: Redhat

- Additional Vendor Supplied Data

Vendor | Impact | CVSS Score | CVSS Vector | Report Date | Publish Date
Redhat | moderate | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N | 2009-10-02 | 2009-11-05

- Related OVAL Definitions

Title Definition Id Class Family
AIX OpenSSL session renegotiation vulnerability oval:org.mitre.oval:def:11617 unix
CVE-2009-3555 oval:org.opensuse.security:def:20093555 unix
DEPRECATED: ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:org.mitre.oval:def:23199 unix
DEPRECATED: ELSA-2010-0166 -- gnutls security update (moderate) oval:org.mitre.oval:def:27881 unix
DEPRECATED: ELSA-2010-0339 -- java-1.6.0-openjdk security update (important) oval:org.mitre.oval:def:28269 unix
DEPRECATED: ELSA-2010-0164 -- openssl097a security update (moderate) oval:org.mitre.oval:def:27295 unix
DEPRECATED: ELSA-2010-0162 -- openssl security update (important) oval:org.mitre.oval:def:27748 unix
DEPRECATED: ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important) oval:org.mitre.oval:def:28188 unix
DSA-1934 apache2 -- multiple issues oval:org.mitre.oval:def:8201 unix
DSA-1934-1 apache2 -- multiple issues oval:org.mitre.oval:def:13623 unix
DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw oval:org.mitre.oval:def:12707 unix
DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw oval:org.mitre.oval:def:12801 unix
DSA-2626-1 lighttpd - several issues oval:org.mitre.oval:def:20070 unix
ELSA-2009:1579: httpd security update (Moderate) oval:org.mitre.oval:def:22820 unix
ELSA-2009:1694: java-1.6.0-ibm security update (Critical) oval:org.mitre.oval:def:22907 unix
ELSA-2010:0130: java-1.5.0-ibm security update (Moderate) oval:org.mitre.oval:def:22745 unix
ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) oval:org.mitre.oval:def:22913 unix
ELSA-2010:0162: openssl security update (Important) oval:org.mitre.oval:def:23054 unix
ELSA-2010:0164: openssl097a security update (Moderate) oval:org.mitre.oval:def:23090 unix
ELSA-2010:0165: nss security update (Moderate) oval:org.mitre.oval:def:22993 unix
ELSA-2010:0166: gnutls security update (Moderate) oval:org.mitre.oval:def:23000 unix
ELSA-2010:0337: java-1.6.0-sun security update (Critical) oval:org.mitre.oval:def:22952 unix
ELSA-2010:0338: java-1.5.0-sun security update (Critical) oval:org.mitre.oval:def:23097 unix
ELSA-2010:0339: java-1.6.0-openjdk security update (Important) oval:org.mitre.oval:def:22994 unix
ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) oval:org.mitre.oval:def:22962 unix
ELSA-2010:0770: java-1.6.0-sun security update (Critical) oval:org.mitre.oval:def:22954 unix
ELSA-2010:0786: java-1.4.2-ibm security update (Critical) oval:org.mitre.oval:def:23065 unix
ELSA-2010:0807: java-1.5.0-ibm security update (Critical) oval:org.mitre.oval:def:22873 unix
ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) oval:org.mitre.oval:def:23563 unix
ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:org.mitre.oval:def:23453 unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-3555

# | Product Type | Vendor | Product | Version | Update | Edition | Language
1 | Application | Apache | Http Server | * | * | * | *
2 | OS | Canonical | Ubuntu Linux | 8.04 | * | * | *
3 | OS | Canonical | Ubuntu Linux | 8.10 | * | * | *
4 | OS | Canonical | Ubuntu Linux | 9.04 | * | * | *
5 | OS | Canonical | Ubuntu Linux | 9.10 | * | * | *
6 | OS | Canonical | Ubuntu Linux | 10.04 | * | * | *
7 | OS | Canonical | Ubuntu Linux | 10.10 | * | * | *
8 | OS | Debian | Debian Linux | 4.0 | * | * | *
9 | OS | Debian | Debian Linux | 5.0 | * | * | *
10 | OS | Debian | Debian Linux | 6.0 | * | * | *
11 | OS | Debian | Debian Linux | 7.0 | * | * | *
12 | OS | Debian | Debian Linux | 8.0 | * | * | *
13 | Application | F5 | Nginx | * | * | * | *
14 | OS | Fedoraproject | Fedora | 11 | * | * | *
15 | OS | Fedoraproject | Fedora | 12 | * | * | *
16 | OS | Fedoraproject | Fedora | 13 | * | * | *
17 | OS | Fedoraproject | Fedora | 14 | * | * | *
18 | Application | GNU | Gnutls | * | * | * | *
19 | Application | Mozilla | NSS | * | * | * | *
20 | Application | Openssl | Openssl | * | * | * | *
21 | Application | Openssl | Openssl | 1.0 | * | Openvms | *

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Apache Http Server 1
Canonical Ubuntu Linux 6
Debian Debian Linux 5
F5 Nginx 1
Fedoraproject Fedora 4
GNU Gnutls 1
Mozilla NSS 1
Openssl Openssl 2

- References For CVE-2009-3555

http://support.avaya.com/css/P8/documents/100081611 CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973
OVAL oval:org.mitre.oval:def:7973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478
OVAL oval:org.mitre.oval:def:7478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315
OVAL oval:org.mitre.oval:def:7315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617
OVAL oval:org.mitre.oval:def:11617
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
http://www.securityfocus.com/archive/1/515055/100/0/threaded
BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
http://www.securityfocus.com/archive/1/508130/100/0/threaded
BUGTRAQ 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535
OVAL oval:org.mitre.oval:def:8535
http://www.securityfocus.com/archive/1/507952/100/0/threaded
BUGTRAQ 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578
OVAL oval:org.mitre.oval:def:11578
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
MS MS10-049
http://www.securityfocus.com/archive/1/516397/100/0/threaded
BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088
OVAL oval:org.mitre.oval:def:10088
http://marc.info/?l=bugtraq&m=126150535619567&w=2
HP HPSBUX02498
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HP HPSBMU02799
http://secunia.com/advisories/42816
SECUNIA 42816
http://secunia.com/advisories/42808
SECUNIA 42808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366
OVAL oval:org.mitre.oval:def:8366
http://marc.info/?l=bugtraq&m=127128920008563&w=2
HP HPSBUX02517
http://www.openssl.org/news/secadv_20091111.txt CONFIRM
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HP HPSBOV02762
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
XF tls-renegotiation-weak-security(54158)
http://www.debian.org/security/2015/dsa-3253
DEBIAN DSA-3253
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
FEDORA FEDORA-2010-16294
http://marc.info/?l=bugtraq&m=127557596201693&w=2
HP SSRT100089
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
CERT TA10-287A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
SUSE SUSE-SR:2010:024
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HP SSRT101846
http://secunia.com/advisories/41818
SECUNIA 41818
http://security.gentoo.org/glsa/glsa-201406-32.xml
GENTOO GLSA-201406-32
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
BUGTRAQ 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CONFIRM
http://secunia.com/advisories/48577
SECUNIA 48577
http://www.securityfocus.com/archive/1/522176
HP SSRT100817
http://security.gentoo.org/glsa/glsa-201203-22.xml
GENTOO GLSA-201203-22
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
AIXAPAR IC67848
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
SUSE openSUSE-SU-2011:0845
http://www.vupen.com/english/advisories/2010/1639
VUPEN ADV-2010-1639
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0986.html
REDHAT RHSA-2010:0986
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HP HPSBHF02706
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SUSE SUSE-SU-2011:0847
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP SSRT090208
http://www.redhat.com/support/errata/RHSA-2011-0880.html
REDHAT RHSA-2011:0880
http://secunia.com/advisories/44183
SECUNIA 44183
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html CONFIRM
http://secunia.com/advisories/43308
SECUNIA 43308
http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM
http://www.vupen.com/english/advisories/2009/3521
VUPEN ADV-2009-3521
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html CONFIRM
http://secunia.com/advisories/44954
SECUNIA 44954
http://secunia.com/advisories/39127
SECUNIA 39127
http://www.vupen.com/english/advisories/2011/0086
VUPEN ADV-2011-0086
http://secunia.com/advisories/42733
SECUNIA 42733
https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM
http://www.vupen.com/english/advisories/2011/0033
VUPEN ADV-2011-0033
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
SUSE SUSE-SA:2010:061
http://www.redhat.com/support/errata/RHSA-2010-0987.html
REDHAT RHSA-2010:0987
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE SUSE-SR:2010:019
http://secunia.com/advisories/42724
SECUNIA 42724
http://www.debian.org/security/2011/dsa-2141
DEBIAN DSA-2141
http://www.vupen.com/english/advisories/2010/3069
VUPEN ADV-2010-3069
http://www.vupen.com/english/advisories/2011/0032
VUPEN ADV-2011-0032
http://secunia.com/advisories/42377
SECUNIA 42377
http://www.securitytracker.com/id?1024789
SECTRACK 1024789
http://secunia.com/advisories/42467
SECUNIA 42467
http://www.vupen.com/english/advisories/2010/3126
VUPEN ADV-2010-3126
http://www.vupen.com/english/advisories/2010/2745
VUPEN ADV-2010-2745
http://secunia.com/advisories/42811
SECUNIA 42811
http://www.vmware.com/security/advisories/VMSA-2010-0019.html CONFIRM
http://www.vupen.com/english/advisories/2010/3086
VUPEN ADV-2010-3086
http://secunia.com/advisories/42379
SECUNIA 42379
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0768.html
REDHAT RHSA-2010:0768
http://www.redhat.com/support/errata/RHSA-2010-0865.html
REDHAT RHSA-2010:0865
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html CONFIRM
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0807.html
REDHAT RHSA-2010:0807
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
FEDORA FEDORA-2010-16312
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released CONFIRM
http://www.ubuntu.com/usn/USN-927-1
UBUNTU USN-927-1
http://secunia.com/advisories/41967
SECUNIA 41967
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
FEDORA FEDORA-2010-16240
http://www.securityfocus.com/archive/1/508075/100/0/threaded
BUGTRAQ 20091124 rPSA-2009-0155-1 httpd mod_ssl
http://www.vupen.com/english/advisories/2010/0748
VUPEN ADV-2010-0748
http://www.redhat.com/support/errata/RHSA-2010-0786.html
REDHAT RHSA-2010:0786
http://www.ubuntu.com/usn/USN-1010-1
UBUNTU USN-1010-1
http://osvdb.org/62210
OSVDB 62210
http://www.redhat.com/support/errata/RHSA-2010-0770.html
REDHAT RHSA-2010:0770
http://support.avaya.com/css/P8/documents/100114327 CONFIRM
http://support.avaya.com/css/P8/documents/100114315 CONFIRM
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
CERT TA10-222A
http://secunia.com/advisories/41490
SECUNIA 41490
http://secunia.com/advisories/41480
SECUNIA 41480
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HP HPSBMA02568
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
AIXAPAR IC68055
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
AIXAPAR IC68054
http://secunia.com/advisories/39243
SECUNIA 39243
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c CONFIRM
http://secunia.com/advisories/40866
SECUNIA 40866
http://secunia.com/advisories/40747
SECUNIA 40747
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
HP HPSBGN02562
http://www.vupen.com/english/advisories/2010/2010
VUPEN ADV-2010-2010
http://secunia.com/advisories/40545
SECUNIA 40545
http://www.vupen.com/english/advisories/2010/1793
VUPEN ADV-2010-1793
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
SUNALERT 274990
http://www.ubuntu.com/usn/USN-927-5
UBUNTU USN-927-5
http://www.vupen.com/english/advisories/2010/1673
VUPEN ADV-2010-1673
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
SUSE SUSE-SR:2010:013
http://www.opera.com/docs/changelogs/unix/1060/ CONFIRM
http://secunia.com/advisories/40070
SECUNIA 40070
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HP SSRT100179
http://www.ubuntu.com/usn/USN-927-4
UBUNTU USN-927-4
http://www.opera.com/support/search/view/944/ CONFIRM
http://www.vupen.com/english/advisories/2010/1191
VUPEN ADV-2010-1191
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SUSE SUSE-SR:2010:012
http://www.vupen.com/english/advisories/2010/1350
VUPEN ADV-2010-1350
http://secunia.com/advisories/39819
SECUNIA 39819
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
APPLE APPLE-SA-2010-05-18-1
http://support.apple.com/kb/HT4170 CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
SUNALERT 1021653
http://osvdb.org/65202
OSVDB 65202
http://www.openoffice.org/security/cves/CVE-2009-3555.html CONFIRM
http://www.arubanetworks.com/support/alerts/aid-020810.txt CONFIRM
http://support.apple.com/kb/HT4171 CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
MANDRIVA MDVSA-2010:089
http://www.vupen.com/english/advisories/2010/1054
VUPEN ADV-2010-1054
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
FEDORA FEDORA-2010-5942
http://www.openwall.com/lists/oss-security/2009/11/20/1
MLIST [oss-security] 20091120 CVEs for nginx
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
FEDORA FEDORA-2010-5357
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
SUNALERT 1021752
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SUSE SUSE-SR:2010:011
http://www.vupen.com/english/advisories/2010/1107
VUPEN ADV-2010-1107
http://marc.info/?l=bugtraq&m=127419602507642&w=2
HP SSRT090180
http://www.vupen.com/english/advisories/2010/0994
VUPEN ADV-2010-0994
http://secunia.com/advisories/39713
SECUNIA 39713
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
FEDORA FEDORA-2010-6131
http://secunia.com/advisories/39632
SECUNIA 39632
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
SUNALERT 273350
http://www.redhat.com/support/errata/RHSA-2010-0167.html
REDHAT RHSA-2010:0167
http://www.redhat.com/support/errata/RHSA-2010-0165.html
REDHAT RHSA-2010:0165
http://www.vupen.com/english/advisories/2010/0916
VUPEN ADV-2010-0916
http://secunia.com/advisories/39461
SECUNIA 39461
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
AIXAPAR PM12247
http://secunia.com/advisories/39628
SECUNIA 39628
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
MANDRIVA MDVSA-2010:084
http://www.vupen.com/english/advisories/2010/0933
VUPEN ADV-2010-0933
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
MANDRIVA MDVSA-2010:076
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 CONFIRM
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html CONFIRM
http://secunia.com/advisories/39242
SECUNIA 39242
http://www.redhat.com/support/errata/RHSA-2010-0338.html
REDHAT RHSA-2010:0338
http://www.redhat.com/support/errata/RHSA-2010-0339.html
REDHAT RHSA-2010:0339
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SUSE SUSE-SR:2010:008
http://www.redhat.com/support/errata/RHSA-2010-0337.html
REDHAT RHSA-2010:0337
http://secunia.com/advisories/39317
SECUNIA 39317
http://ubuntu.com/usn/usn-923-1
UBUNTU USN-923-1
http://secunia.com/advisories/39292
SECUNIA 39292
http://secunia.com/advisories/37453
SECUNIA 37453
http://www.securitytracker.com/id?1023224
SECTRACK 1023224
http://secunia.com/advisories/37383
SECUNIA 37383
http://secunia.com/advisories/37399
SECUNIA 37399
http://www.vupen.com/english/advisories/2009/3310
VUPEN ADV-2009-3310
http://www.vupen.com/english/advisories/2009/3313
VUPEN ADV-2009-3313
http://www.securitytracker.com/id?1023214
SECTRACK 1023214
http://www.securitytracker.com/id?1023213
SECTRACK 1023213
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
SLACKWARE SSA:2009-320-01
http://www.vupen.com/english/advisories/2010/0848
VUPEN ADV-2010-0848
http://secunia.com/advisories/38781
SECUNIA 38781
http://secunia.com/advisories/39278
SECUNIA 39278
http://www.vupen.com/english/advisories/2010/0086
VUPEN ADV-2010-0086
http://secunia.com/advisories/38003
SECUNIA 38003
http://support.avaya.com/css/P8/documents/100070150 CONFIRM
http://www.securitytracker.com/id?1023428
SECTRACK 1023428
http://www.securitytracker.com/id?1023427
SECTRACK 1023427
http://www.securitytracker.com/id?1023411
SECTRACK 1023411
http://www.securitytracker.com/id?1023426
SECTRACK 1023426
http://www.redhat.com/support/errata/RHSA-2010-0119.html
REDHAT RHSA-2010:0119
http://secunia.com/advisories/38687
SECUNIA 38687
http://secunia.com/advisories/38020
SECUNIA 38020
http://secunia.com/advisories/39500
SECUNIA 39500
http://www.redhat.com/support/errata/RHSA-2010-0130.html
REDHAT RHSA-2010:0130
http://secunia.com/advisories/39136
SECUNIA 39136
http://www.redhat.com/support/errata/RHSA-2010-0155.html
REDHAT RHSA-2010:0155
http://secunia.com/advisories/38484
SECUNIA 38484
http://www.vupen.com/english/advisories/2010/0982
VUPEN ADV-2010-0982
http://secunia.com/advisories/38241
SECUNIA 38241
http://www.vupen.com/english/advisories/2010/0173
VUPEN ADV-2010-0173
http://support.apple.com/kb/HT4004 CONFIRM
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
APPLE APPLE-SA-2010-01-19-1
http://secunia.com/advisories/38056
SECUNIA 38056
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES CONFIRM
http://secunia.com/advisories/41972
SECUNIA 41972
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
FEDORA FEDORA-2009-12305
http://secunia.com/advisories/37640
SECUNIA 37640
http://osvdb.org/60972
OSVDB 60972
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
AIXAPAR PM00675
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
FEDORA FEDORA-2009-12229
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
FEDORA FEDORA-2009-12606
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
FEDORA FEDORA-2009-12604
http://www.vupen.com/english/advisories/2009/3587
VUPEN ADV-2009-3587
http://secunia.com/advisories/37859
SECUNIA 37859
http://www.vupen.com/english/advisories/2009/3484
VUPEN ADV-2009-3484
http://secunia.com/advisories/37604
SECUNIA 37604
http://www.securitytracker.com/id?1023270
SECTRACK 1023270
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://www.securitytracker.com/id?1023206
SECTRACK 1023206
http://osvdb.org/60521
OSVDB 60521
http://www.securitytracker.com/id?1023219
SECTRACK 1023219
http://www.vupen.com/english/advisories/2009/3354
VUPEN ADV-2009-3354
http://www.securitytracker.com/id?1023275
SECTRACK 1023275
http://openbsd.org/errata46.html#004_openssl
OPENBSD [4.6] 004: SECURITY FIX: November 26, 2009
http://www.securitytracker.com/id?1023216
SECTRACK 1023216
http://www.securitytracker.com/id?1023205
SECTRACK 1023205
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
HP SSRT090249
http://secunia.com/advisories/37675
SECUNIA 37675
http://www.securitytracker.com/id?1023210
SECTRACK 1023210
http://www.securitytracker.com/id?1023274
SECTRACK 1023274
http://www.securitytracker.com/id?1023217
SECTRACK 1023217
http://secunia.com/advisories/37501
SECUNIA 37501
http://www.securitytracker.com/id?1023204
SECTRACK 1023204
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
FEDORA FEDORA-2009-12968
http://clicky.me/tlsvuln
http://www.securitytracker.com/id?1023212
SECTRACK 1023212
http://www.securitytracker.com/id?1023243
SECTRACK 1023243
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
http://secunia.com/advisories/37504
SECUNIA 37504
http://www.securitytracker.com/id?1023208
SECTRACK 1023208
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
FEDORA FEDORA-2009-12782
http://www.ingate.com/Relnote.php?ver=481 CONFIRM
http://www.securitytracker.com/id?1023215
SECTRACK 1023215
http://security.gentoo.org/glsa/glsa-200912-01.xml
GENTOO GLSA-200912-01
http://www.securitytracker.com/id?1023273
SECTRACK 1023273
http://www.securitytracker.com/id?1023209
SECTRACK 1023209
http://www.securitytracker.com/id?1023218
SECTRACK 1023218
http://www.vupen.com/english/advisories/2009/3353
VUPEN ADV-2009-3353
http://www.securitytracker.com/id?1023211
SECTRACK 1023211
http://secunia.com/advisories/37656
SECUNIA 37656
http://www.securitytracker.com/id?1023207
SECTRACK 1023207
http://openbsd.org/errata45.html#010_openssl
OPENBSD [4.5] 010: SECURITY FIX: November 26, 2009
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
FEDORA FEDORA-2009-12750
http://www.securitytracker.com/id?1023271
SECTRACK 1023271
http://www.securitytracker.com/id?1023272
SECTRACK 1023272
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
FEDORA FEDORA-2009-12775
http://wiki.rpath.com/Advisories:rPSA-2009-0155 CONFIRM
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://www.links.org/?p=786
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
APPLE APPLE-SA-2010-05-18-2
http://sysoev.ru/nginx/patch.cve-2009-3555.txt CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
SUSE SUSE-SA:2009:057
http://securitytracker.com/id?1023148
SECTRACK 1023148
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
SUNALERT 273029
http://www.debian.org/security/2009/dsa-1934
DEBIAN DSA-1934
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://secunia.com/advisories/37320
SECUNIA 37320
http://www.vupen.com/english/advisories/2009/3205
VUPEN ADV-2009-3205
http://support.citrix.com/article/CTX123359 CONFIRM
http://www.vupen.com/english/advisories/2009/3220
VUPEN ADV-2009-3220
http://www.openwall.com/lists/oss-security/2009/11/23/10
MLIST [oss-security] 20091123 Re: CVEs for nginx
http://seclists.org/fulldisclosure/2009/Nov/139
FULLDISC 20091111 Re: SSL/TLS MiTM PoC
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
MLIST [gnutls-devel] 20091105 Re: TLS renegotiation MITM
http://www.securityfocus.com/bid/36935
BID 36935 Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Release Date:2017-11-29
http://www.betanews.com/article/1257452450
http://www.openwall.com/lists/oss-security/2009/11/06/3
MLIST [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/05/3
MLIST [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
https://bugzilla.redhat.com/show_bug.cgi?id=533125 CONFIRM
http://www.links.org/?p=780
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://secunia.com/advisories/37291
SECUNIA 37291
http://www.openwall.com/lists/oss-security/2009/11/05/5
MLIST [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/07/3
MLIST [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
http://extendedsubset.com/Renegotiating_TLS.pdf
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
CISCO 20091109 Transport Layer Security Renegotiation Vulnerability
http://www.securitytracker.com/id?1023163
SECTRACK 1023163
http://www.kb.cert.org/vuls/id/120541
CERT-VN VU#120541
http://www.links.org/?p=789
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
http://kbase.redhat.com/faq/docs/DOC-20491 CONFIRM
http://www.vupen.com/english/advisories/2009/3164
VUPEN ADV-2009-3164
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
MLIST [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during CONFIRM
http://marc.info/?l=cryptography&m=125752275331877&w=2
MLIST [cryptography] 20091105 OpenSSL 0.9.8l released
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
MLIST [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
http://www.vupen.com/english/advisories/2009/3165
VUPEN ADV-2009-3165
http://extendedsubset.com/?p=8
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
http://secunia.com/advisories/37292
SECUNIA 37292
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
MLIST [tls] 20091104 TLS renegotiation issue
http://www.tombom.co.uk/blog/?p=85

- Metasploit Modules Related To CVE-2009-3555

There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).

