CVE-2009-3555

MEDIUM

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

http://blogs.iss.net/archive/sslmitmiscsrf.html

http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

http://clicky.me/tlsvuln

http://extendedsubset.com/?p=8

http://extendedsubset.com/Renegotiating_TLS.pdf

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://kbase.redhat.com/faq/docs/DOC-20491

http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

http://marc.info/?l=bugtraq&m=126150535619567&w=2

http://marc.info/?l=bugtraq&m=127128920008563&w=2

http://marc.info/?l=bugtraq&m=127419602507642&w=2

http://marc.info/?l=bugtraq&m=127557596201693&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=132077688910227&w=2

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://marc.info/?l=cryptography&m=125752275331877&w=2

http://openbsd.org/errata45.html#010_openssl

http://openbsd.org/errata46.html#004_openssl

http://osvdb.org/60521

http://osvdb.org/60972

http://osvdb.org/62210

http://osvdb.org/65202

http://seclists.org/fulldisclosure/2009/Nov/139

http://secunia.com/advisories/37291

http://secunia.com/advisories/37292

http://secunia.com/advisories/37320

http://secunia.com/advisories/37383

http://secunia.com/advisories/37399

http://secunia.com/advisories/37453

http://secunia.com/advisories/37501

http://secunia.com/advisories/37504

http://secunia.com/advisories/37604

http://secunia.com/advisories/37640

http://secunia.com/advisories/37656

http://secunia.com/advisories/37675

http://secunia.com/advisories/37859

http://secunia.com/advisories/38003

http://secunia.com/advisories/38020

http://secunia.com/advisories/38056

http://secunia.com/advisories/38241

http://secunia.com/advisories/38484

http://secunia.com/advisories/38687

http://secunia.com/advisories/38781

http://secunia.com/advisories/39127

http://secunia.com/advisories/39136

http://secunia.com/advisories/39242

http://secunia.com/advisories/39243

http://secunia.com/advisories/39278

http://secunia.com/advisories/39292

http://secunia.com/advisories/39317

http://secunia.com/advisories/39461

http://secunia.com/advisories/39500

http://secunia.com/advisories/39628

http://secunia.com/advisories/39632

http://secunia.com/advisories/39713

http://secunia.com/advisories/39819

http://secunia.com/advisories/40070

http://secunia.com/advisories/40545

http://secunia.com/advisories/40747

http://secunia.com/advisories/40866

http://secunia.com/advisories/41480

http://secunia.com/advisories/41490

http://secunia.com/advisories/41818

http://secunia.com/advisories/41967

http://secunia.com/advisories/41972

http://secunia.com/advisories/42377

http://secunia.com/advisories/42379

http://secunia.com/advisories/42467

http://secunia.com/advisories/42724

http://secunia.com/advisories/42733

http://secunia.com/advisories/42808

http://secunia.com/advisories/42811

http://secunia.com/advisories/42816

http://secunia.com/advisories/43308

http://secunia.com/advisories/44183

http://secunia.com/advisories/44954

http://secunia.com/advisories/48577

http://security.gentoo.org/glsa/glsa-200912-01.xml

http://security.gentoo.org/glsa/glsa-201203-22.xml

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://securitytracker.com/id?1023148

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

http://support.apple.com/kb/HT4004

http://support.apple.com/kb/HT4170

http://support.apple.com/kb/HT4171

http://support.avaya.com/css/P8/documents/100070150

http://support.avaya.com/css/P8/documents/100081611

http://support.avaya.com/css/P8/documents/100114315

http://support.avaya.com/css/P8/documents/100114327

http://support.citrix.com/article/CTX123359

http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES

http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

http://sysoev.ru/nginx/patch.cve-2009-3555.txt

http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

http://ubuntu.com/usn/usn-923-1

http://wiki.rpath.com/Advisories:rPSA-2009-0155

http://www.arubanetworks.com/support/alerts/aid-020810.txt

http://www.betanews.com/article/1257452450

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

http://www.debian.org/security/2009/dsa-1934

http://www.debian.org/security/2011/dsa-2141

http://www.debian.org/security/2015/dsa-3253

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

http://www.ingate.com/Relnote.php?ver=481

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.kb.cert.org/vuls/id/120541

http://www.links.org/?p=780

http://www.links.org/?p=786

http://www.links.org/?p=789

http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://www.mandriva.com/security/advisories?name=MDVSA-2010:089

http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

http://www.openoffice.org/security/cves/CVE-2009-3555.html

http://www.openssl.org/news/secadv_20091111.txt

http://www.openwall.com/lists/oss-security/2009/11/05/3

http://www.openwall.com/lists/oss-security/2009/11/05/5

http://www.openwall.com/lists/oss-security/2009/11/06/3

http://www.openwall.com/lists/oss-security/2009/11/07/3

http://www.openwall.com/lists/oss-security/2009/11/20/1

http://www.openwall.com/lists/oss-security/2009/11/23/10

http://www.opera.com/docs/changelogs/unix/1060/

http://www.opera.com/support/search/view/944/

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

http://www.redhat.com/support/errata/RHSA-2010-0119.html

http://www.redhat.com/support/errata/RHSA-2010-0130.html

http://www.redhat.com/support/errata/RHSA-2010-0155.html

http://www.redhat.com/support/errata/RHSA-2010-0165.html

http://www.redhat.com/support/errata/RHSA-2010-0167.html

http://www.redhat.com/support/errata/RHSA-2010-0337.html

http://www.redhat.com/support/errata/RHSA-2010-0338.html

http://www.redhat.com/support/errata/RHSA-2010-0339.html

http://www.redhat.com/support/errata/RHSA-2010-0768.html

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://www.redhat.com/support/errata/RHSA-2010-0786.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://www.redhat.com/support/errata/RHSA-2010-0865.html

http://www.redhat.com/support/errata/RHSA-2010-0986.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

http://www.securityfocus.com/archive/1/507952/100/0/threaded

http://www.securityfocus.com/archive/1/508075/100/0/threaded

http://www.securityfocus.com/archive/1/508130/100/0/threaded

http://www.securityfocus.com/archive/1/515055/100/0/threaded

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/archive/1/522176

http://www.securityfocus.com/bid/36935

http://www.securitytracker.com/id?1023163

http://www.securitytracker.com/id?1023204

http://www.securitytracker.com/id?1023205

http://www.securitytracker.com/id?1023206

http://www.securitytracker.com/id?1023207

http://www.securitytracker.com/id?1023208

http://www.securitytracker.com/id?1023209

http://www.securitytracker.com/id?1023210

http://www.securitytracker.com/id?1023211

http://www.securitytracker.com/id?1023212

http://www.securitytracker.com/id?1023213

http://www.securitytracker.com/id?1023214

http://www.securitytracker.com/id?1023215

http://www.securitytracker.com/id?1023216

http://www.securitytracker.com/id?1023217

http://www.securitytracker.com/id?1023218

http://www.securitytracker.com/id?1023219

http://www.securitytracker.com/id?1023224

http://www.securitytracker.com/id?1023243

http://www.securitytracker.com/id?1023270

http://www.securitytracker.com/id?1023271

http://www.securitytracker.com/id?1023272

http://www.securitytracker.com/id?1023273

http://www.securitytracker.com/id?1023274

http://www.securitytracker.com/id?1023275

http://www.securitytracker.com/id?1023411

http://www.securitytracker.com/id?1023426

http://www.securitytracker.com/id?1023427

http://www.securitytracker.com/id?1023428

http://www.securitytracker.com/id?1024789

http://www.tombom.co.uk/blog/?p=85

http://www.ubuntu.com/usn/USN-1010-1

http://www.ubuntu.com/usn/USN-927-1

http://www.ubuntu.com/usn/USN-927-4

http://www.ubuntu.com/usn/USN-927-5

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.vupen.com/english/advisories/2009/3164

http://www.vupen.com/english/advisories/2009/3165

http://www.vupen.com/english/advisories/2009/3205

http://www.vupen.com/english/advisories/2009/3220

http://www.vupen.com/english/advisories/2009/3310

http://www.vupen.com/english/advisories/2009/3313

http://www.vupen.com/english/advisories/2009/3353

http://www.vupen.com/english/advisories/2009/3354

http://www.vupen.com/english/advisories/2009/3484

http://www.vupen.com/english/advisories/2009/3521

http://www.vupen.com/english/advisories/2009/3587

http://www.vupen.com/english/advisories/2010/0086

http://www.vupen.com/english/advisories/2010/0173

http://www.vupen.com/english/advisories/2010/0748

http://www.vupen.com/english/advisories/2010/0848

http://www.vupen.com/english/advisories/2010/0916

http://www.vupen.com/english/advisories/2010/0933

http://www.vupen.com/english/advisories/2010/0982

http://www.vupen.com/english/advisories/2010/0994

http://www.vupen.com/english/advisories/2010/1054

http://www.vupen.com/english/advisories/2010/1107

http://www.vupen.com/english/advisories/2010/1191

http://www.vupen.com/english/advisories/2010/1350

http://www.vupen.com/english/advisories/2010/1639

http://www.vupen.com/english/advisories/2010/1673

http://www.vupen.com/english/advisories/2010/1793

http://www.vupen.com/english/advisories/2010/2010

http://www.vupen.com/english/advisories/2010/2745

http://www.vupen.com/english/advisories/2010/3069

http://www.vupen.com/english/advisories/2010/3086

http://www.vupen.com/english/advisories/2010/3126

http://www.vupen.com/english/advisories/2011/0032

http://www.vupen.com/english/advisories/2011/0033

http://www.vupen.com/english/advisories/2011/0086

http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

http://www-01.ibm.com/support/docview.wss?uid=swg24006386

http://www-01.ibm.com/support/docview.wss?uid=swg24025312

http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only

http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

https://bugzilla.mozilla.org/show_bug.cgi?id=526689

https://bugzilla.mozilla.org/show_bug.cgi?id=545755

https://bugzilla.redhat.com/show_bug.cgi?id=533125

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://kb.bluecoat.com/index?page=content&id=SA50

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535

https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html

Details

Source: MITRE

Published: 2009-11-09

Updated: 2019-07-03

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM