CVE-2009-3555
Published at:
-
09-11-2009 06:30
Last modified:
-
04-08-2022 09:55
Total changes:
-
4
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Network
Attack vector
Low
Availability
None
Confidentiality
Low
Integrity
-
Privileges required
-
Scope
-
User interaction
5.8
Base score
8.6
4.9
Exploitability score
Impact score
Verification logic
Reference
- http://www.tombom.co.uk/blog/?p=85
- [tls] 20091104 TLS renegotiation issue-Third Party Advisory
- 37292-Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=526689
- http://extendedsubset.com/?p=8
- [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation-Third Party Advisory
- ADV-2009-3165-Third Party Advisory
- [cryptography] 20091105 OpenSSL 0.9.8l released-Third Party Advisory
- http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
- ADV-2009-3164-Third Party Advisory
- [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation-Third Party Advisory
- http://kbase.redhat.com/faq/docs/DOC-20491
- https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
- [gnutls-devel] 20091105 Re: TLS renegotiation MITM-Third Party Advisory
- 36935-Exploit, Patch, Third Party Advisory, VDB Entry
- http://www.betanews.com/article/1257452450
- [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks-Mailing List, Third Party Advisory
- [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks-Mailing List, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=533125
- http://www.links.org/?p=780
- http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
- 37291-Third Party Advisory
- [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks-Mailing List, Third Party Advisory
- [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks-Mailing List, Third Party Advisory
- http://extendedsubset.com/Renegotiating_TLS.pdf
- 20091109 Transport Layer Security Renegotiation Vulnerability-Third Party Advisory
- 1023163-Third Party Advisory, VDB Entry
- VU#120541-Third Party Advisory, US Government Resource
- http://www.links.org/?p=789
- 20091111 Re: SSL/TLS MiTM PoC-Mailing List, Third Party Advisory
- http://blogs.iss.net/archive/sslmitmiscsrf.html
- http://www.links.org/?p=786
- ADV-2009-3220-Third Party Advisory
- http://support.citrix.com/article/CTX123359
- 37320-Third Party Advisory
- ADV-2009-3205-Third Party Advisory
- http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
- 1023148-Third Party Advisory, VDB Entry
- 273029-Broken Link
- DSA-1934-Third Party Advisory
- SUSE-SA:2009:057-Third Party Advisory
- http://sysoev.ru/nginx/patch.cve-2009-3555.txt
- [oss-security] 20091120 CVEs for nginx-Mailing List, Third Party Advisory
- [oss-security] 20091123 Re: CVEs for nginx-Mailing List, Third Party Advisory
- http://wiki.rpath.com/Advisories:rPSA-2009-0155
- FEDORA-2009-12775-Third Party Advisory
- 1023272-Third Party Advisory, VDB Entry
- FEDORA-2009-12750-Third Party Advisory
- 1023271-Third Party Advisory, VDB Entry
- [4.5] 010: SECURITY FIX: November 26, 2009-Third Party Advisory
- 1023207-Third Party Advisory, VDB Entry
- 37656-Third Party Advisory
- 1023211-Third Party Advisory, VDB Entry
- 1023218-Third Party Advisory, VDB Entry
- ADV-2009-3353-Third Party Advisory
- 1023209-Third Party Advisory, VDB Entry
- 1023273-Third Party Advisory, VDB Entry
- GLSA-200912-01-Third Party Advisory
- 1023215-Third Party Advisory, VDB Entry
- http://www.ingate.com/Relnote.php?ver=481
- FEDORA-2009-12782-Third Party Advisory
- 37504-Third Party Advisory
- 1023208-Third Party Advisory, VDB Entry
- 1023212-Third Party Advisory, VDB Entry
- 1023243-Third Party Advisory, VDB Entry
- https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
- http://clicky.me/tlsvuln
- FEDORA-2009-12968-Third Party Advisory
- 1023204-Third Party Advisory, VDB Entry
- 37501-Third Party Advisory
- 1023217-Third Party Advisory, VDB Entry
- 1023210-Third Party Advisory, VDB Entry
- 1023274-Third Party Advisory, VDB Entry
- 37675-Third Party Advisory
- 1023205-Third Party Advisory, VDB Entry
- SSRT090249-Broken Link
- 1023275-Third Party Advisory, VDB Entry
- 1023216-Third Party Advisory, VDB Entry
- [4.6] 004: SECURITY FIX: November 26, 2009-Third Party Advisory
- 1023270-Third Party Advisory, VDB Entry
- http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
- 1023206-Third Party Advisory, VDB Entry
- 60521-Broken Link
- 1023219-Third Party Advisory, VDB Entry
- ADV-2009-3354-Third Party Advisory
- 37604-Third Party Advisory
- 37859-Third Party Advisory
- ADV-2009-3484-Third Party Advisory
- ADV-2009-3587-Third Party Advisory
- FEDORA-2009-12604-Third Party Advisory
- FEDORA-2009-12606-Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg24025312
- FEDORA-2009-12229-Third Party Advisory
- FEDORA-2009-12305-Third Party Advisory
- 37640-Third Party Advisory
- 60972-Broken Link
- PM00675-Third Party Advisory
- http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
- ADV-2009-3521-Third Party Advisory
- http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
- APPLE-SA-2010-01-19-1-Mailing List, Third Party Advisory
- 38056-Third Party Advisory
- http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
- http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
- http://support.apple.com/kb/HT4004
- 38241-Third Party Advisory
- ADV-2010-0173-Third Party Advisory
- 38484-Third Party Advisory
- 62210-Broken Link
- http://www.arubanetworks.com/support/alerts/aid-020810.txt
- ADV-2010-0086-Third Party Advisory
- 38003-Third Party Advisory
- http://support.avaya.com/css/P8/documents/100070150
- 1023428-Third Party Advisory, VDB Entry
- 1023427-Third Party Advisory, VDB Entry
- 1023411-Third Party Advisory, VDB Entry
- 1023426-Third Party Advisory, VDB Entry
- RHSA-2010:0119-Third Party Advisory
- 38687-Third Party Advisory
- 38020-Third Party Advisory
- 274990-Broken Link
- 273350-Broken Link
- RHSA-2010:0167-Third Party Advisory
- RHSA-2010:0155-Third Party Advisory
- ADV-2010-0748-Third Party Advisory
- 39243-Third Party Advisory
- 39136-Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=545755
- http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
- 39242-Third Party Advisory
- RHSA-2010:0338-Third Party Advisory
- RHSA-2010:0339-Third Party Advisory
- SUSE-SR:2010:008-Third Party Advisory
- RHSA-2010:0337-Third Party Advisory
- 39317-Third Party Advisory
- USN-923-1-Third Party Advisory
- 39292-Third Party Advisory
- 37453-Third Party Advisory
- 1023224-Third Party Advisory, VDB Entry
- 37383-Third Party Advisory
- 37399-Third Party Advisory
- ADV-2009-3310-Third Party Advisory
- ADV-2009-3313-Third Party Advisory
- 1023214-Third Party Advisory, VDB Entry
- 1023213-Third Party Advisory, VDB Entry
- SSA:2009-320-01-Third Party Advisory
- ADV-2010-0848-Third Party Advisory
- 38781-Third Party Advisory
- 39278-Third Party Advisory
- RHSA-2010:0130-Third Party Advisory
- USN-927-1-Third Party Advisory
- 39500-Third Party Advisory
- IC67848-Third Party Advisory
- ADV-2010-0982-Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21426108
- MDVSA-2010:076-Broken Link
- ADV-2010-0933-Third Party Advisory
- MDVSA-2010:084-Broken Link
- 39628-Third Party Advisory
- PM12247-Third Party Advisory
- FEDORA-2010-5357-Third Party Advisory
- 39461-Third Party Advisory
- ADV-2010-0916-Third Party Advisory
- MDVSA-2010:089-Broken Link
- ADV-2010-1054-Third Party Advisory
- FEDORA-2010-5942-Third Party Advisory
- http://support.avaya.com/css/P8/documents/100081611
- RHSA-2010:0165-Third Party Advisory
- FEDORA-2010-6131-Third Party Advisory
- 39632-Third Party Advisory
- 39713-Third Party Advisory
- ADV-2010-0994-Third Party Advisory
- SSRT090180-Third Party Advisory
- SUSE-SR:2010:011-Third Party Advisory
- ADV-2010-1107-Third Party Advisory
- APPLE-SA-2010-05-18-2-Mailing List, Third Party Advisory
- 39819-Third Party Advisory
- APPLE-SA-2010-05-18-1-Mailing List, Third Party Advisory
- http://support.apple.com/kb/HT4170
- 1021752-Broken Link
- http://support.apple.com/kb/HT4171
- ADV-2010-1191-Third Party Advisory
- SUSE-SR:2010:012-Third Party Advisory
- ADV-2010-1350-Third Party Advisory
- 40070-Third Party Advisory
- 65202-Broken Link
- http://www.openoffice.org/security/cves/CVE-2009-3555.html
- SUSE-SR:2010:013-Third Party Advisory
- 1021653-Broken Link
- 39127-Third Party Advisory
- ADV-2010-1639-Third Party Advisory
- http://www.opera.com/support/search/view/944/
- USN-927-5-Third Party Advisory
- ADV-2010-1673-Third Party Advisory
- http://www.opera.com/docs/changelogs/unix/1060/
- USN-927-4-Third Party Advisory
- ADV-2010-1793-Third Party Advisory
- SSRT100179-Broken Link
- 40545-Third Party Advisory
- 40747-Third Party Advisory
- HPSBGN02562-Broken Link
- ADV-2010-2010-Third Party Advisory
- 40866-Third Party Advisory
- IC68054-Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21432298
- IC68055-Third Party Advisory
- TA10-222A-Third Party Advisory, US Government Resource
- 41490-Third Party Advisory
- 41480-Third Party Advisory
- HPSBMA02568-Third Party Advisory
- ADV-2010-2745-Third Party Advisory
- http://support.avaya.com/css/P8/documents/100114315
- http://support.avaya.com/css/P8/documents/100114327
- RHSA-2010:0770-Third Party Advisory
- FEDORA-2010-16294-Third Party Advisory
- TA10-287A-Third Party Advisory, US Government Resource
- USN-1010-1-Third Party Advisory
- RHSA-2010:0786-Third Party Advisory
- 41972-Third Party Advisory
- FEDORA-2010-16240-Third Party Advisory
- RHSA-2010:0807-Third Party Advisory
- 41967-Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
- FEDORA-2010-16312-Third Party Advisory
- RHSA-2010:0865-Third Party Advisory
- http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
- RHSA-2010:0768-Third Party Advisory
- ADV-2010-3086-Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg24006386
- 42379-Third Party Advisory
- 42377-Third Party Advisory
- 1024789-Third Party Advisory, VDB Entry
- 42467-Third Party Advisory
- ADV-2010-3126-Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0019.html
- ADV-2010-3069-Third Party Advisory
- 42811-Third Party Advisory
- ADV-2011-0032-Third Party Advisory
- DSA-2141-Third Party Advisory
- SUSE-SA:2010:061-Third Party Advisory
- RHSA-2010:0986-Third Party Advisory
- RHSA-2010:0987-Third Party Advisory
- SUSE-SR:2010:019-Third Party Advisory
- 42724-Third Party Advisory
- 42816-Third Party Advisory
- 42808-Third Party Advisory
- 42733-Third Party Advisory
- https://kb.bluecoat.com/index?page=content&id=SA50
- ADV-2011-0033-Third Party Advisory
- ADV-2011-0086-Third Party Advisory
- SUSE-SR:2010:024-Third Party Advisory
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- 43308-Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- 44183-Third Party Advisory
- RHSA-2011:0880-Third Party Advisory
- SSRT090208-Third Party Advisory
- openSUSE-SU-2011:0845-Third Party Advisory
- SUSE-SU-2011:0847-Third Party Advisory
- HPSBHF02706-Third Party Advisory
- 44954-Third Party Advisory
- http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
- SSRT100817-Third Party Advisory, VDB Entry
- GLSA-201203-22-Third Party Advisory
- 48577-Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities-Broken Link
- GLSA-201406-32-Third Party Advisory
- http://www.openssl.org/news/secadv_20091111.txt
- 41818-Third Party Advisory
- SSRT101846-Third Party Advisory
- DSA-3253-Third Party Advisory
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- HPSBUX02517-Third Party Advisory
- HPSBMU02799-Third Party Advisory
- SSRT100089-Third Party Advisory
- HPSBUX02498-Third Party Advisory
- HPSBOV02762-Third Party Advisory
- tls-renegotiation-weak-security(54158)-Third Party Advisory, VDB Entry
- oval:org.mitre.oval:def:8535-Third Party Advisory
- oval:org.mitre.oval:def:8366-Third Party Advisory
- oval:org.mitre.oval:def:7973-Third Party Advisory
- oval:org.mitre.oval:def:7478-Third Party Advisory
- oval:org.mitre.oval:def:7315-Third Party Advisory
- oval:org.mitre.oval:def:11617-Third Party Advisory
- oval:org.mitre.oval:def:11578-Third Party Advisory
- oval:org.mitre.oval:def:10088-Third Party Advisory
- 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX-Third Party Advisory, VDB Entry
- 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console-Third Party Advisory, VDB Entry
- 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)-Third Party Advisory, VDB Entry
- 20091124 rPSA-2009-0155-1 httpd mod_ssl-Third Party Advisory, VDB Entry
- 20091118 TLS / SSLv3 vulnerability explained (DRAFT)-Third Party Advisory, VDB Entry
- MS10-049-Patch, Vendor Advisory
- [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/-Mailing List, Third Party Advisory
- [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Mailing List, Third Party Advisory
- [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/-Mailing List, Third Party Advisory
- [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/-Mailing List, Third Party Advisory
Keywords