[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3555Date: (C)2009-11-09   (M)2024-03-27


The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-1021653
SUNALERT-1021752
SECTRACK-1023148
SECTRACK-1023163
SECTRACK-1023204
SECTRACK-1023205
SECTRACK-1023206
SECTRACK-1023207
SECTRACK-1023208
SECTRACK-1023209
SECTRACK-1023210
SECTRACK-1023211
SECTRACK-1023212
SECTRACK-1023213
SECTRACK-1023214
SECTRACK-1023215
SECTRACK-1023216
SECTRACK-1023217
SECTRACK-1023218
SECTRACK-1023219
SECTRACK-1023224
SECTRACK-1023243
SECTRACK-1023270
SECTRACK-1023271
SECTRACK-1023272
SECTRACK-1023273
SECTRACK-1023274
SECTRACK-1023275
SECTRACK-1023411
SECTRACK-1023426
SECTRACK-1023427
SECTRACK-1023428
SECTRACK-1024789
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
http://seclists.org/fulldisclosure/2009/Nov/139
http://www.securityfocus.com/archive/1/507952/100/0/threaded
http://www.securityfocus.com/archive/1/508075/100/0/threaded
http://www.securityfocus.com/archive/1/508130/100/0/threaded
http://www.securityfocus.com/archive/1/515055/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
SUNALERT-273029
SUNALERT-273350
SUNALERT-274990
BID-36935
SECUNIA-37291
SECUNIA-37292
SECUNIA-37320
SECUNIA-37383
SECUNIA-37399
SECUNIA-37453
SECUNIA-37501
SECUNIA-37504
SECUNIA-37604
SECUNIA-37640
SECUNIA-37656
SECUNIA-37675
SECUNIA-37859
SECUNIA-38003
SECUNIA-38020
SECUNIA-38056
SECUNIA-38241
SECUNIA-38484
SECUNIA-38687
SECUNIA-38781
SECUNIA-39127
SECUNIA-39136
SECUNIA-39242
SECUNIA-39243
SECUNIA-39278
SECUNIA-39292
SECUNIA-39317
SECUNIA-39461
SECUNIA-39500
SECUNIA-39628
SECUNIA-39632
SECUNIA-39713
SECUNIA-39819
SECUNIA-40070
SECUNIA-40545
SECUNIA-40747
SECUNIA-40866
SECUNIA-41480
SECUNIA-41490
SECUNIA-41818
SECUNIA-41967
SECUNIA-41972
SECUNIA-42377
SECUNIA-42379
SECUNIA-42467
SECUNIA-42724
SECUNIA-42733
SECUNIA-42808
SECUNIA-42811
SECUNIA-42816
SECUNIA-43308
SECUNIA-44183
SECUNIA-44954
SECUNIA-48577
OSVDB-60521
OSVDB-60972
OSVDB-62210
OSVDB-65202
ADV-2009-3164
ADV-2009-3165
ADV-2009-3205
ADV-2009-3220
ADV-2009-3310
ADV-2009-3313
ADV-2009-3353
ADV-2009-3354
ADV-2009-3484
ADV-2009-3521
ADV-2009-3587
ADV-2010-0086
ADV-2010-0173
ADV-2010-0748
ADV-2010-0848
ADV-2010-0916
ADV-2010-0933
ADV-2010-0982
ADV-2010-0994
ADV-2010-1054
ADV-2010-1107
ADV-2010-1191
ADV-2010-1350
ADV-2010-1639
ADV-2010-1673
ADV-2010-1793
ADV-2010-2010
ADV-2010-2745
ADV-2010-3069
ADV-2010-3086
ADV-2010-3126
ADV-2011-0032
ADV-2011-0033
ADV-2011-0086
APPLE-SA-2010-01-19-1
APPLE-SA-2010-05-18-1
APPLE-SA-2010-05-18-2
DSA-1934
DSA-2141
DSA-3253
FEDORA-2009-12229
FEDORA-2009-12305
FEDORA-2009-12604
FEDORA-2009-12606
FEDORA-2009-12750
FEDORA-2009-12775
FEDORA-2009-12782
FEDORA-2009-12968
FEDORA-2010-16240
FEDORA-2010-16294
FEDORA-2010-16312
FEDORA-2010-5357
FEDORA-2010-5942
FEDORA-2010-6131
GLSA-200912-01
GLSA-201203-22
GLSA-201406-32
HPSBGN02562
HPSBHF02706
HPSBMA02568
HPSBMU02799
HPSBOV02762
HPSBUX02498
HPSBUX02517
IC67848
IC68054
IC68055
MDVSA-2010:076
MDVSA-2010:084
MDVSA-2010:089
MS10-049
PM00675
PM12247
RHSA-2010:0119
RHSA-2010:0130
RHSA-2010:0155
RHSA-2010:0165
RHSA-2010:0167
RHSA-2010:0337
RHSA-2010:0338
RHSA-2010:0339
RHSA-2010:0768
RHSA-2010:0770
RHSA-2010:0786
RHSA-2010:0807
RHSA-2010:0865
RHSA-2010:0986
RHSA-2010:0987
RHSA-2011:0880
SSA:2009-320-01
SSRT090180
SSRT090208
SSRT090249
SSRT100089
SSRT100179
SSRT100817
SSRT101846
SUSE-SA:2009:057
SUSE-SA:2010:061
SUSE-SR:2010:008
SUSE-SR:2010:011
SUSE-SR:2010:012
SUSE-SR:2010:013
SUSE-SR:2010:019
SUSE-SR:2010:024
SUSE-SU-2011:0847
TA10-222A
TA10-287A
USN-1010-1
USN-923-1
USN-927-1
USN-927-4
USN-927-5
VU#120541
http://openbsd.org/errata45.html#010_openssl
http://openbsd.org/errata46.html#004_openssl
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
http://marc.info/?l=cryptography&m=125752275331877&w=2
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
http://www.openwall.com/lists/oss-security/2009/11/05/3
http://www.openwall.com/lists/oss-security/2009/11/05/5
http://www.openwall.com/lists/oss-security/2009/11/06/3
http://www.openwall.com/lists/oss-security/2009/11/07/3
http://www.openwall.com/lists/oss-security/2009/11/20/1
http://www.openwall.com/lists/oss-security/2009/11/23/10
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
http://clicky.me/tlsvuln
http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf
http://kbase.redhat.com/faq/docs/DOC-20491
http://support.apple.com/kb/HT4004
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://support.avaya.com/css/P8/documents/100070150
http://support.avaya.com/css/P8/documents/100081611
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100114327
http://support.citrix.com/article/CTX123359
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
http://sysoev.ru/nginx/patch.cve-2009-3555.txt
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
http://wiki.rpath.com/Advisories:rPSA-2009-0155
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
http://www-01.ibm.com/support/docview.wss?uid=swg21432298
http://www-01.ibm.com/support/docview.wss?uid=swg24006386
http://www-01.ibm.com/support/docview.wss?uid=swg24025312
http://www.arubanetworks.com/support/alerts/aid-020810.txt
http://www.betanews.com/article/1257452450
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.ingate.com/Relnote.php?ver=481
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openssl.org/news/secadv_20091111.txt
http://www.opera.com/docs/changelogs/unix/1060/
http://www.opera.com/support/search/view/944/
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.tombom.co.uk/blog/?p=85
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://bugzilla.mozilla.org/show_bug.cgi?id=545755
https://bugzilla.redhat.com/show_bug.cgi?id=533125
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://kb.bluecoat.com/index?page=content&id=SA50
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
openSUSE-SU-2011:0845
oval:org.mitre.oval:def:10088
oval:org.mitre.oval:def:11578
oval:org.mitre.oval:def:11617
oval:org.mitre.oval:def:7315
oval:org.mitre.oval:def:7478
oval:org.mitre.oval:def:7973
oval:org.mitre.oval:def:8366
oval:org.mitre.oval:def:8535
tls-renegotiation-weak-security(54158)

CWE    1
CWE-295
OVAL    107
oval:org.secpod.oval:def:100534
oval:org.secpod.oval:def:100956
oval:org.secpod.oval:def:100551
oval:org.secpod.oval:def:500390
...

© SecPod Technologies