Description
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Published: 2009-11-09
Score: 5.8 Medium
EPSS: 2.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-400-1 pound security update
Debian DSA Debian DSA DSA-1934-1 New apache2 packages fix several issues
Debian DSA Debian DSA DSA-2141-1 New openssl packages fix protocol design flaw
Debian DSA Debian DSA DSA-2141-2 New nss packages fix protocol design flaw
Debian DSA Debian DSA DSA-2141-4 New lighttpd packages fix regression
Debian DSA Debian DSA DSA-2161-2 OpenJDK security update
Debian DSA Debian DSA DSA-2626-1 lighttpd security update
Debian DSA Debian DSA DSA-3253-1 pound security update
EUVD EUVD EUVD-2022-3720 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Github GHSA Github GHSA GHSA-f7w7-6pjc-wwm6 Apache Tomcat affected by vulnerability in TLS and SSL protocol
Ubuntu USN Ubuntu USN USN-860-1 Apache vulnerabilities
Ubuntu USN Ubuntu USN USN-1010-1 OpenJDK vulnerabilities
Ubuntu USN Ubuntu USN USN-923-1 OpenJDK vulnerabilities
Ubuntu USN Ubuntu USN USN-927-1 NSS vulnerability
Ubuntu USN Ubuntu USN USN-927-4 nss vulnerability
Ubuntu USN Ubuntu USN USN-927-6 NSS vulnerability
Ubuntu USN Ubuntu USN USN-990-1 OpenSSL vulnerability
Ubuntu USN Ubuntu USN USN-990-2 Apache vulnerability
References
Link Providers
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html cve-icon cve-icon
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html cve-icon cve-icon
http://blogs.iss.net/archive/sslmitmiscsrf.html cve-icon cve-icon
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during cve-icon cve-icon
http://clicky.me/tlsvuln cve-icon cve-icon
http://extendedsubset.com/?p=8 cve-icon cve-icon
http://extendedsubset.com/Renegotiating_TLS.pdf cve-icon cve-icon
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 cve-icon cve-icon
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 cve-icon cve-icon
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 cve-icon cve-icon
http://kbase.redhat.com/faq/docs/DOC-20491 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html cve-icon cve-icon
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html cve-icon cve-icon
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=126150535619567&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=127128920008563&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=127419602507642&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=127557596201693&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=130497311408250&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=132077688910227&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133469267822771&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=142660345230545&w=2 cve-icon cve-icon
http://marc.info/?l=cryptography&m=125752275331877&w=2 cve-icon cve-icon
http://openbsd.org/errata45.html#010_openssl cve-icon cve-icon
http://openbsd.org/errata46.html#004_openssl cve-icon cve-icon
http://osvdb.org/60521 cve-icon cve-icon
http://osvdb.org/60972 cve-icon cve-icon
http://osvdb.org/62210 cve-icon cve-icon
http://osvdb.org/65202 cve-icon cve-icon
http://seclists.org/fulldisclosure/2009/Nov/139 cve-icon cve-icon
http://secunia.com/advisories/37291 cve-icon cve-icon
http://secunia.com/advisories/37292 cve-icon cve-icon
http://secunia.com/advisories/37320 cve-icon cve-icon
http://secunia.com/advisories/37383 cve-icon cve-icon
http://secunia.com/advisories/37399 cve-icon cve-icon
http://secunia.com/advisories/37453 cve-icon cve-icon
http://secunia.com/advisories/37501 cve-icon cve-icon
http://secunia.com/advisories/37504 cve-icon cve-icon
http://secunia.com/advisories/37604 cve-icon cve-icon
http://secunia.com/advisories/37640 cve-icon cve-icon
http://secunia.com/advisories/37656 cve-icon cve-icon
http://secunia.com/advisories/37675 cve-icon cve-icon
http://secunia.com/advisories/37859 cve-icon cve-icon
http://secunia.com/advisories/38003 cve-icon cve-icon
http://secunia.com/advisories/38020 cve-icon cve-icon
http://secunia.com/advisories/38056 cve-icon cve-icon
http://secunia.com/advisories/38241 cve-icon cve-icon
http://secunia.com/advisories/38484 cve-icon cve-icon
http://secunia.com/advisories/38687 cve-icon cve-icon
http://secunia.com/advisories/38781 cve-icon cve-icon
http://secunia.com/advisories/39127 cve-icon cve-icon
http://secunia.com/advisories/39136 cve-icon cve-icon
http://secunia.com/advisories/39242 cve-icon cve-icon
http://secunia.com/advisories/39243 cve-icon cve-icon
http://secunia.com/advisories/39278 cve-icon cve-icon
http://secunia.com/advisories/39292 cve-icon cve-icon
http://secunia.com/advisories/39317 cve-icon cve-icon
http://secunia.com/advisories/39461 cve-icon cve-icon
http://secunia.com/advisories/39500 cve-icon cve-icon
http://secunia.com/advisories/39628 cve-icon cve-icon
http://secunia.com/advisories/39632 cve-icon cve-icon
http://secunia.com/advisories/39713 cve-icon cve-icon
http://secunia.com/advisories/39819 cve-icon cve-icon
http://secunia.com/advisories/40070 cve-icon cve-icon
http://secunia.com/advisories/40545 cve-icon cve-icon
http://secunia.com/advisories/40747 cve-icon cve-icon
http://secunia.com/advisories/40866 cve-icon cve-icon
http://secunia.com/advisories/41480 cve-icon cve-icon
http://secunia.com/advisories/41490 cve-icon cve-icon
http://secunia.com/advisories/41818 cve-icon cve-icon
http://secunia.com/advisories/41967 cve-icon cve-icon
http://secunia.com/advisories/41972 cve-icon cve-icon
http://secunia.com/advisories/42377 cve-icon cve-icon
http://secunia.com/advisories/42379 cve-icon cve-icon
http://secunia.com/advisories/42467 cve-icon cve-icon
http://secunia.com/advisories/42724 cve-icon cve-icon
http://secunia.com/advisories/42733 cve-icon cve-icon
http://secunia.com/advisories/42808 cve-icon cve-icon
http://secunia.com/advisories/42811 cve-icon cve-icon
http://secunia.com/advisories/42816 cve-icon cve-icon
http://secunia.com/advisories/43308 cve-icon cve-icon
http://secunia.com/advisories/44183 cve-icon cve-icon
http://secunia.com/advisories/44954 cve-icon cve-icon
http://secunia.com/advisories/48577 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200912-01.xml cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201203-22.xml cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201406-32.xml cve-icon cve-icon
http://securitytracker.com/id?1023148 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 cve-icon cve-icon
http://support.apple.com/kb/HT4004 cve-icon cve-icon
http://support.apple.com/kb/HT4170 cve-icon cve-icon
http://support.apple.com/kb/HT4171 cve-icon cve-icon
http://support.avaya.com/css/P8/documents/100070150 cve-icon cve-icon
http://support.avaya.com/css/P8/documents/100081611 cve-icon cve-icon
http://support.avaya.com/css/P8/documents/100114315 cve-icon cve-icon
http://support.avaya.com/css/P8/documents/100114327 cve-icon cve-icon
http://support.citrix.com/article/CTX123359 cve-icon cve-icon
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES cve-icon cve-icon
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released cve-icon cve-icon
http://sysoev.ru/nginx/patch.cve-2009-3555.txt cve-icon cve-icon
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html cve-icon cve-icon
http://ubuntu.com/usn/usn-923-1 cve-icon cve-icon
http://wiki.rpath.com/Advisories:rPSA-2009-0155 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 cve-icon cve-icon
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only cve-icon cve-icon
http://www.arubanetworks.com/support/alerts/aid-020810.txt cve-icon cve-icon
http://www.betanews.com/article/1257452450 cve-icon cve-icon
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1934 cve-icon cve-icon
http://www.debian.org/security/2011/dsa-2141 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3253 cve-icon cve-icon
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html cve-icon cve-icon
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html cve-icon cve-icon
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html cve-icon cve-icon
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html cve-icon cve-icon
http://www.ingate.com/Relnote.php?ver=481 cve-icon cve-icon
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/120541 cve-icon cve-icon
http://www.links.org/?p=780 cve-icon cve-icon
http://www.links.org/?p=786 cve-icon cve-icon
http://www.links.org/?p=789 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 cve-icon cve-icon
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html cve-icon cve-icon
http://www.openoffice.org/security/cves/CVE-2009-3555.html cve-icon cve-icon
http://www.openssl.org/news/secadv_20091111.txt cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/05/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/05/5 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/06/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/07/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/20/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/23/10 cve-icon cve-icon
http://www.opera.com/docs/changelogs/unix/1060/ cve-icon cve-icon
http://www.opera.com/support/search/view/944/ cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html cve-icon cve-icon
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0119.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0130.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0155.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0165.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0167.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0337.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0338.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0339.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0768.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0770.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0786.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0807.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0865.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0986.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0987.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-0880.html cve-icon cve-icon
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/507952/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/508075/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/508130/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/515055/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/516397/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/522176 cve-icon cve-icon
http://www.securityfocus.com/bid/36935 cve-icon cve-icon
http://www.securitytracker.com/id?1023163 cve-icon cve-icon
http://www.securitytracker.com/id?1023204 cve-icon cve-icon
http://www.securitytracker.com/id?1023205 cve-icon cve-icon
http://www.securitytracker.com/id?1023206 cve-icon cve-icon
http://www.securitytracker.com/id?1023207 cve-icon cve-icon
http://www.securitytracker.com/id?1023208 cve-icon cve-icon
http://www.securitytracker.com/id?1023209 cve-icon cve-icon
http://www.securitytracker.com/id?1023210 cve-icon cve-icon
http://www.securitytracker.com/id?1023211 cve-icon cve-icon
http://www.securitytracker.com/id?1023212 cve-icon cve-icon
http://www.securitytracker.com/id?1023213 cve-icon cve-icon
http://www.securitytracker.com/id?1023214 cve-icon cve-icon
http://www.securitytracker.com/id?1023215 cve-icon cve-icon
http://www.securitytracker.com/id?1023216 cve-icon cve-icon
http://www.securitytracker.com/id?1023217 cve-icon cve-icon
http://www.securitytracker.com/id?1023218 cve-icon cve-icon
http://www.securitytracker.com/id?1023219 cve-icon cve-icon
http://www.securitytracker.com/id?1023224 cve-icon cve-icon
http://www.securitytracker.com/id?1023243 cve-icon cve-icon
http://www.securitytracker.com/id?1023270 cve-icon cve-icon
http://www.securitytracker.com/id?1023271 cve-icon cve-icon
http://www.securitytracker.com/id?1023272 cve-icon cve-icon
http://www.securitytracker.com/id?1023273 cve-icon cve-icon
http://www.securitytracker.com/id?1023274 cve-icon cve-icon
http://www.securitytracker.com/id?1023275 cve-icon cve-icon
http://www.securitytracker.com/id?1023411 cve-icon cve-icon
http://www.securitytracker.com/id?1023426 cve-icon cve-icon
http://www.securitytracker.com/id?1023427 cve-icon cve-icon
http://www.securitytracker.com/id?1023428 cve-icon cve-icon
http://www.securitytracker.com/id?1024789 cve-icon cve-icon
http://www.tombom.co.uk/blog/?p=85 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1010-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-927-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-927-4 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-927-5 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA10-222A.html cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA10-287A.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2010-0019.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2011-0003.html cve-icon cve-icon
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3164 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3165 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3205 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3220 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3310 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3313 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3353 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3354 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3484 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3521 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3587 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0086 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0173 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0748 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0848 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0916 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0933 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0982 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0994 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1054 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1107 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1191 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1350 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1639 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1673 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1793 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2010 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/2745 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3069 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3086 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3126 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0032 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0033 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0086 cve-icon cve-icon
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=533125 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 cve-icon cve-icon
https://kb.bluecoat.com/index?page=content&id=SA50 cve-icon cve-icon
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-3555 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 cve-icon cve-icon
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html cve-icon cve-icon
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-3555 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html cve-icon cve-icon
History

No history.

Subscriptions

Apache Http Server
Canonical Ubuntu Linux
Debian Debian Linux
F5 Nginx
Fedoraproject Fedora
Gnu Gnutls
Mozilla Nss
Openssl Openssl
Redhat Enterprise Linux Jboss Enterprise Web Server Network Satellite Rhel Extras Rhel Extras Sap Satellite Satellite Capsule
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T06:31:10.430Z

Reserved: 2009-10-05T00:00:00.000Z

Link: CVE-2009-3555

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-11-09T17:30:00.407

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-3555

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-11-05T00:00:00Z

Links: CVE-2009-3555 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses