CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Publish Date : 2009-11-09 Last Update Date : 2018-10-12

- CVSS Scores & Vulnerability Types

CVSS Score 5.8
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 310

- Vendor Statements

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491
Source: Redhat

- Additional Vendor Supplied Data

Vendor Impact CVSS Score CVSS Vector Report Date Publish Date
Redhat moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 2009-10-02 2009-11-05

- Related OVAL Definitions

Title Definition Id Class Family
AIX OpenSSL session renegotiation vulnerability oval:org.mitre.oval:def:11617 unix
CVE-2009-3555 oval:org.opensuse.security:def:20093555 unix
DEPRECATED: ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:org.mitre.oval:def:23199 unix
DEPRECATED: ELSA-2010-0166 -- gnutls security update (moderate) oval:org.mitre.oval:def:27881 unix
DEPRECATED: ELSA-2010-0339 -- java-1.6.0-openjdk security update (important) oval:org.mitre.oval:def:28269 unix
DEPRECATED: ELSA-2010-0162 -- openssl security update (important) oval:org.mitre.oval:def:27748 unix
DEPRECATED: ELSA-2010-0164 -- openssl097a security update (moderate) oval:org.mitre.oval:def:27295 unix
DEPRECATED: ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important) oval:org.mitre.oval:def:28188 unix
DSA-1934 apache2 -- multiple issues oval:org.mitre.oval:def:8201 unix
DSA-1934-1 apache2 -- multiple issues oval:org.mitre.oval:def:13623 unix
DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw oval:org.mitre.oval:def:12707 unix
DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw oval:org.mitre.oval:def:12801 unix
DSA-2626-1 lighttpd - several issues oval:org.mitre.oval:def:20070 unix
ELSA-2009:1579: httpd security update (Moderate) oval:org.mitre.oval:def:22820 unix
ELSA-2009:1694: java-1.6.0-ibm security update (Critical) oval:org.mitre.oval:def:22907 unix
ELSA-2010:0130: java-1.5.0-ibm security update (Moderate) oval:org.mitre.oval:def:22745 unix
ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) oval:org.mitre.oval:def:22913 unix
ELSA-2010:0162: openssl security update (Important) oval:org.mitre.oval:def:23054 unix
ELSA-2010:0164: openssl097a security update (Moderate) oval:org.mitre.oval:def:23090 unix
ELSA-2010:0165: nss security update (Moderate) oval:org.mitre.oval:def:22993 unix
ELSA-2010:0166: gnutls security update (Moderate) oval:org.mitre.oval:def:23000 unix
ELSA-2010:0337: java-1.6.0-sun security update (Critical) oval:org.mitre.oval:def:22952 unix
ELSA-2010:0338: java-1.5.0-sun security update (Critical) oval:org.mitre.oval:def:23097 unix
ELSA-2010:0339: java-1.6.0-openjdk security update (Important) oval:org.mitre.oval:def:22994 unix
ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) oval:org.mitre.oval:def:22962 unix
ELSA-2010:0770: java-1.6.0-sun security update (Critical) oval:org.mitre.oval:def:22954 unix
ELSA-2010:0786: java-1.4.2-ibm security update (Critical) oval:org.mitre.oval:def:23065 unix
ELSA-2010:0807: java-1.5.0-ibm security update (Critical) oval:org.mitre.oval:def:22873 unix
ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) oval:org.mitre.oval:def:23563 unix
ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical) oval:org.mitre.oval:def:23453 unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-3555

# Product Type Vendor Product Version Update Edition Language
1 Application Apache Http Server 2.2.14
2 OS Canonical Ubuntu Linux 8.04 ~~lts~~~
3 OS Canonical Ubuntu Linux 8.10
4 OS Canonical Ubuntu Linux 9.04
5 OS Canonical Ubuntu Linux 9.10
6 OS Canonical Ubuntu Linux 10.04 ~~lts~~~
7 OS Canonical Ubuntu Linux 10.10
8 OS Debian Debian Linux 4.0
9 OS Debian Debian Linux 5.0
10 OS Debian Debian Linux 6.0
11 OS Debian Debian Linux 7.0
12 OS Debian Debian Linux 8.0
13 OS Fedoraproject Fedora 11
14 OS Fedoraproject Fedora 12
15 OS Fedoraproject Fedora 13
16 OS Fedoraproject Fedora 14
17 Application GNU Gnutls 2.8.5
18 Application Microsoft IIS 7.0
19 Application Mozilla NSS 3.12.4
20 Application Openssl Openssl 0.9.8k
21 Application Openssl Openssl 1.0 Openvms

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Apache Http Server 1
Canonical Ubuntu Linux 6
Debian Debian Linux 5
Fedoraproject Fedora 4
GNU Gnutls 1
Microsoft IIS 1
Mozilla NSS 1
Openssl Openssl 2

- References For CVE-2009-3555

http://www.securitytracker.com/id?1023209
SECTRACK 1023209
http://www.securityfocus.com/archive/1/508075/100/0/threaded
BUGTRAQ 20091124 rPSA-2009-0155-1 httpd mod_ssl
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
FEDORA FEDORA-2009-12229
http://www.securitytracker.com/id?1023243
SECTRACK 1023243
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
FEDORA FEDORA-2009-12606
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
FEDORA FEDORA-2009-12604
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
MS MS10-049
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
XF tls-renegotiation-weak-security(54158)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
FEDORA FEDORA-2009-12750
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
FEDORA FEDORA-2009-12782
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
FEDORA FEDORA-2009-12968
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
FEDORA FEDORA-2009-12775
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533125 CONFIRM
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
http://www.vupen.com/english/advisories/2011/0086
VUPEN ADV-2011-0086
http://www.vupen.com/english/advisories/2011/0033
VUPEN ADV-2011-0033
http://www.vupen.com/english/advisories/2011/0032
VUPEN ADV-2011-0032
http://www.vupen.com/english/advisories/2010/3126
VUPEN ADV-2010-3126
http://www.vupen.com/english/advisories/2010/3086
VUPEN ADV-2010-3086
http://www.vupen.com/english/advisories/2010/3069
VUPEN ADV-2010-3069
http://www.vupen.com/english/advisories/2010/1639
VUPEN ADV-2010-1639
http://www.vupen.com/english/advisories/2010/1673
VUPEN ADV-2010-1673
http://www.vupen.com/english/advisories/2010/2745
VUPEN ADV-2010-2745
http://www.vupen.com/english/advisories/2010/2010
VUPEN ADV-2010-2010
http://www.vupen.com/english/advisories/2010/1793
VUPEN ADV-2010-1793
http://www.vupen.com/english/advisories/2010/1350
VUPEN ADV-2010-1350
http://www.vupen.com/english/advisories/2010/1191
VUPEN ADV-2010-1191
http://www.vupen.com/english/advisories/2010/1107
VUPEN ADV-2010-1107
http://www.vupen.com/english/advisories/2010/1054
VUPEN ADV-2010-1054
http://www.vupen.com/english/advisories/2010/0994
VUPEN ADV-2010-0994
http://www.vupen.com/english/advisories/2010/0982
VUPEN ADV-2010-0982
http://www.vupen.com/english/advisories/2010/0933
VUPEN ADV-2010-0933
http://www.vupen.com/english/advisories/2010/0916
VUPEN ADV-2010-0916
http://www.vupen.com/english/advisories/2010/0173
VUPEN ADV-2010-0173
http://www.vupen.com/english/advisories/2010/0748
VUPEN ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0848
VUPEN ADV-2010-0848
http://www.vupen.com/english/advisories/2010/0086
VUPEN ADV-2010-0086
http://www.vupen.com/english/advisories/2009/3587
VUPEN ADV-2009-3587
http://www.vupen.com/english/advisories/2009/3521
VUPEN ADV-2009-3521
http://www.vupen.com/english/advisories/2009/3484
VUPEN ADV-2009-3484
http://www.vupen.com/english/advisories/2009/3313
VUPEN ADV-2009-3313
http://www.vupen.com/english/advisories/2009/3353
VUPEN ADV-2009-3353
http://www.vupen.com/english/advisories/2009/3354
VUPEN ADV-2009-3354
http://www.vupen.com/english/advisories/2009/3310
VUPEN ADV-2009-3310
http://www.vupen.com/english/advisories/2009/3220
VUPEN ADV-2009-3220
http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM
http://www.vupen.com/english/advisories/2009/3205
VUPEN ADV-2009-3205
http://www.vupen.com/english/advisories/2009/3164
VUPEN ADV-2009-3164
http://www.vupen.com/english/advisories/2009/3165
VUPEN ADV-2009-3165
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
CERT TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
CERT TA10-287A
http://www.vmware.com/security/advisories/VMSA-2010-0019.html CONFIRM
http://www.ubuntu.com/usn/USN-927-5
UBUNTU USN-927-5
http://www.ubuntu.com/usn/USN-1010-1
UBUNTU USN-1010-1
http://www.ubuntu.com/usn/USN-927-4
UBUNTU USN-927-4
http://www.ubuntu.com/usn/USN-927-1
UBUNTU USN-927-1
http://www.tombom.co.uk/blog/?p=85
http://www.securitytracker.com/id?1024789
SECTRACK 1024789
http://www.securitytracker.com/id?1023428
SECTRACK 1023428
http://www.securitytracker.com/id?1023427
SECTRACK 1023427
http://www.securitytracker.com/id?1023426
SECTRACK 1023426
http://www.securitytracker.com/id?1023411
SECTRACK 1023411
http://www.securitytracker.com/id?1023271
SECTRACK 1023271
http://www.securitytracker.com/id?1023272
SECTRACK 1023272
http://www.securitytracker.com/id?1023275
SECTRACK 1023275
http://www.securitytracker.com/id?1023270
SECTRACK 1023270
http://www.securitytracker.com/id?1023274
SECTRACK 1023274
http://www.securitytracker.com/id?1023273
SECTRACK 1023273
http://www.securitytracker.com/id?1023219
SECTRACK 1023219
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
FEDORA FEDORA-2009-12305
http://www.securitytracker.com/id?1023218
SECTRACK 1023218
http://www.securitytracker.com/id?1023217
SECTRACK 1023217
http://www.securitytracker.com/id?1023216
SECTRACK 1023216
http://www.securitytracker.com/id?1023215
SECTRACK 1023215
http://www.securitytracker.com/id?1023214
SECTRACK 1023214
http://www.securitytracker.com/id?1023213
SECTRACK 1023213
http://www.securitytracker.com/id?1023224
SECTRACK 1023224
http://www.securitytracker.com/id?1023163
SECTRACK 1023163
http://www.securitytracker.com/id?1023210
SECTRACK 1023210
http://www.securitytracker.com/id?1023208
SECTRACK 1023208
http://www.securitytracker.com/id?1023207
SECTRACK 1023207
http://www.securitytracker.com/id?1023206
SECTRACK 1023206
http://www.securitytracker.com/id?1023211
SECTRACK 1023211
http://www.securitytracker.com/id?1023204
SECTRACK 1023204
http://www.securitytracker.com/id?1023205
SECTRACK 1023205
http://www.securityfocus.com/archive/1/522176
HP HPSBMU02759
http://www.securityfocus.com/bid/36935
BID 36935 Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability Release Date:2017-11-29
http://www.securitytracker.com/id?1023212
SECTRACK 1023212
http://www.securityfocus.com/archive/1/516397/100/0/threaded
BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/507952/100/0/threaded
BUGTRAQ 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
http://www.securityfocus.com/archive/1/515055/100/0/threaded
BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
http://www.securityfocus.com/archive/1/508130/100/0/threaded
BUGTRAQ 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
AIXAPAR PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-0880.html
REDHAT RHSA-2011:0880
http://www.redhat.com/support/errata/RHSA-2010-0986.html
REDHAT RHSA-2010:0986
http://www.redhat.com/support/errata/RHSA-2010-0987.html
REDHAT RHSA-2010:0987
http://www.redhat.com/support/errata/RHSA-2010-0865.html
REDHAT RHSA-2010:0865
http://www.redhat.com/support/errata/RHSA-2010-0786.html
REDHAT RHSA-2010:0786
http://www.redhat.com/support/errata/RHSA-2010-0807.html
REDHAT RHSA-2010:0807
http://www.redhat.com/support/errata/RHSA-2010-0770.html
REDHAT RHSA-2010:0770
http://www.redhat.com/support/errata/RHSA-2010-0768.html
REDHAT RHSA-2010:0768
http://www.redhat.com/support/errata/RHSA-2010-0337.html
REDHAT RHSA-2010:0337
http://www.redhat.com/support/errata/RHSA-2010-0339.html
REDHAT RHSA-2010:0339
http://www.redhat.com/support/errata/RHSA-2010-0338.html
REDHAT RHSA-2010:0338
http://www.redhat.com/support/errata/RHSA-2010-0167.html
REDHAT RHSA-2010:0167
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0119.html
REDHAT RHSA-2010:0119
http://www.redhat.com/support/errata/RHSA-2010-0165.html
REDHAT RHSA-2010:0165
http://www.redhat.com/support/errata/RHSA-2010-0155.html
REDHAT RHSA-2010:0155
http://www.redhat.com/support/errata/RHSA-2010-0130.html
REDHAT RHSA-2010:0130
http://www.openwall.com/lists/oss-security/2009/11/06/3
MLIST [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/20/1
MLIST [oss-security] 20091120 CVEs for nginx
http://www.openwall.com/lists/oss-security/2009/11/23/10
MLIST [oss-security] 20091123 Re: CVEs for nginx
http://www.opera.com/docs/changelogs/unix/1060/ CONFIRM
http://www.opera.com/support/search/view/944/ CONFIRM
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html CONFIRM
http://support.apple.com/kb/HT4004 CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html CONFIRM
http://www.ingate.com/Relnote.php?ver=481 CONFIRM
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HP HPSBMA02568
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
MANDRIVA MDVSA-2010:076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
MANDRIVA MDVSA-2010:084
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
MANDRIVA MDVSA-2010:089
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/07/3
MLIST [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/05/5
MLIST [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/05/3
MLIST [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 CONFIRM
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
AIXAPAR PM00675
http://www.arubanetworks.com/support/alerts/aid-020810.txt CONFIRM
http://www.links.org/?p=789
http://www.links.org/?p=786
http://www.links.org/?p=780
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
MLIST [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
CISCO 20091109 Transport Layer Security Renegotiation Vulnerability
http://www.debian.org/security/2009/dsa-1934
DEBIAN DSA-1934
http://www.debian.org/security/2011/dsa-2141
DEBIAN DSA-2141
http://www.debian.org/security/2015/dsa-3253
DEBIAN DSA-3253
http://www.betanews.com/article/1257452450
http://www.kb.cert.org/vuls/id/120541
CERT-VN VU#120541
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html CONFIRM
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
MLIST [tls] 20091104 TLS renegotiation issue
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
AIXAPAR IC68055
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
AIXAPAR IC68054
http://wiki.rpath.com/Advisories:rPSA-2009-0155 CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
AIXAPAR IC67848
http://marc.info/?l=bugtraq&m=127128920008563&w=2
HP HPSBUX02517
http://marc.info/?l=bugtraq&m=127419602507642&w=2
HP HPSBMA02534
http://marc.info/?l=bugtraq&m=127557596201693&w=2
HP HPSBUX02524
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP HPSBOV02683
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HP HPSBHF02706
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HP HPSBHF03293
http://marc.info/?l=cryptography&m=125752275331877&w=2
MLIST [cryptography] 20091105 OpenSSL 0.9.8l released
http://sysoev.ru/nginx/patch.cve-2009-3555.txt CONFIRM
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html CONFIRM
http://support.avaya.com/css/P8/documents/100114327 CONFIRM
http://www.openoffice.org/security/cves/CVE-2009-3555.html CONFIRM
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released CONFIRM
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES CONFIRM
http://support.citrix.com/article/CTX123359 CONFIRM
http://support.avaya.com/css/P8/documents/100081611 CONFIRM
http://support.avaya.com/css/P8/documents/100114315 CONFIRM
http://support.apple.com/kb/HT4171 CONFIRM
http://support.avaya.com/css/P8/documents/100070150 CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
SUNALERT 274990
http://ubuntu.com/usn/usn-923-1
UBUNTU USN-923-1
http://support.apple.com/kb/HT4170 CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
SUNALERT 1021653
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
SUNALERT 1021752
http://openbsd.org/errata46.html#004_openssl
OPENBSD [4.6] 004: SECURITY FIX: November 26, 2009
http://www.openssl.org/news/secadv_20091111.txt CONFIRM
http://securitytracker.com/id?1023148
SECTRACK 1023148
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SUSE SUSE-SU-2011:0847
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
SUNALERT 273350
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
SLACKWARE SSA:2009-320-01
http://security.gentoo.org/glsa/glsa-201406-32.xml
GENTOO GLSA-201406-32
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HP HPSBMU02799
http://security.gentoo.org/glsa/glsa-201203-22.xml
GENTOO GLSA-201203-22
http://security.gentoo.org/glsa/glsa-200912-01.xml
GENTOO GLSA-200912-01
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
SUNALERT 273029
http://seclists.org/fulldisclosure/2009/Nov/139
FULLDISC 20091111 Re: SSL/TLS MiTM PoC
http://openbsd.org/errata45.html#010_openssl
OPENBSD [4.5] 010: SECURITY FIX: November 26, 2009
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HP HPSBOV02762
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
MLIST [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
http://marc.info/?l=bugtraq&m=126150535619567&w=2
HP HPSBUX02498
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
SUSE openSUSE-SU-2011:0845
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
SUSE SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
SUSE SUSE-SA:2010:061
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
SUSE SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
SUSE SUSE-SR:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SUSE SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SUSE SUSE-SR:2010:008
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
FEDORA FEDORA-2010-16240
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
MLIST [gnutls-devel] 20091105 Re: TLS renegotiation MITM
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
SUSE SUSE-SA:2009:057
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
FEDORA FEDORA-2010-16294
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
FEDORA FEDORA-2010-16312
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
FEDORA FEDORA-2010-6131
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
FEDORA FEDORA-2010-5942
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
FEDORA FEDORA-2010-5357
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
APPLE APPLE-SA-2010-01-19-1
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
APPLE APPLE-SA-2010-05-18-2
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during CONFIRM
http://clicky.me/tlsvuln
http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
HP HPSBUX02482
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
HP HPSBGN02562
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HP HPSBMA02547
http://kbase.redhat.com/faq/docs/DOC-20491 CONFIRM
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
APPLE APPLE-SA-2010-05-18-1
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
BUGTRAQ 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities

- Metasploit Modules Related To CVE-2009-3555

There are no Metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)

