CVE-2009-3555

medium

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

http://www.tombom.co.uk/blog/?p=85

http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

http://secunia.com/advisories/37292

https://bugzilla.mozilla.org/show_bug.cgi?id=526689

http://extendedsubset.com/?p=8

http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

http://www.vupen.com/english/advisories/2009/3165

http://marc.info/?l=cryptography&m=125752275331877&w=2

http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

http://www.vupen.com/english/advisories/2009/3164

http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

http://kbase.redhat.com/faq/docs/DOC-20491

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

http://www.securityfocus.com/bid/36935

http://www.betanews.com/article/1257452450

http://www.openwall.com/lists/oss-security/2009/11/06/3

http://www.openwall.com/lists/oss-security/2009/11/05/3

https://bugzilla.redhat.com/show_bug.cgi?id=533125

http://www.links.org/?p=780

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

http://secunia.com/advisories/37291

http://www.openwall.com/lists/oss-security/2009/11/05/5

http://www.openwall.com/lists/oss-security/2009/11/07/3

http://extendedsubset.com/Renegotiating_TLS.pdf

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

http://www.securitytracker.com/id?1023163

http://www.kb.cert.org/vuls/id/120541

http://www.links.org/?p=789

http://seclists.org/fulldisclosure/2009/Nov/139

http://blogs.iss.net/archive/sslmitmiscsrf.html

http://www.links.org/?p=786

http://www.vupen.com/english/advisories/2009/3220

http://support.citrix.com/article/CTX123359

http://secunia.com/advisories/37320

http://www.vupen.com/english/advisories/2009/3205

http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

http://securitytracker.com/id?1023148

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

http://www.debian.org/security/2009/dsa-1934

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

http://sysoev.ru/nginx/patch.cve-2009-3555.txt

http://www.openwall.com/lists/oss-security/2009/11/20/1

http://www.openwall.com/lists/oss-security/2009/11/23/10

http://wiki.rpath.com/Advisories:rPSA-2009-0155

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html

http://www.securitytracker.com/id?1023272

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html

http://www.securitytracker.com/id?1023271

http://openbsd.org/errata45.html#010_openssl

http://www.securitytracker.com/id?1023207

http://secunia.com/advisories/37656

http://www.securitytracker.com/id?1023211

http://www.securitytracker.com/id?1023218

http://www.vupen.com/english/advisories/2009/3353

http://www.securitytracker.com/id?1023209

http://www.securitytracker.com/id?1023273

http://security.gentoo.org/glsa/glsa-200912-01.xml

http://www.securitytracker.com/id?1023215

http://www.ingate.com/Relnote.php?ver=481

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html

http://secunia.com/advisories/37504

http://www.securitytracker.com/id?1023208

http://www.securitytracker.com/id?1023212

http://www.securitytracker.com/id?1023243

https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

http://clicky.me/tlsvuln

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html

http://www.securitytracker.com/id?1023204

http://secunia.com/advisories/37501

http://www.securitytracker.com/id?1023217

http://www.securitytracker.com/id?1023210

http://www.securitytracker.com/id?1023274

http://secunia.com/advisories/37675

http://www.securitytracker.com/id?1023205

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686

http://www.securitytracker.com/id?1023275

http://www.securitytracker.com/id?1023216

http://openbsd.org/errata46.html#004_openssl

http://www.securitytracker.com/id?1023270

http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

http://www.securitytracker.com/id?1023206

http://osvdb.org/60521

http://www.securitytracker.com/id?1023219

http://www.vupen.com/english/advisories/2009/3354

http://secunia.com/advisories/37604

http://secunia.com/advisories/37859

http://www.vupen.com/english/advisories/2009/3484

http://www.vupen.com/english/advisories/2009/3587

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

http://www-01.ibm.com/support/docview.wss?uid=swg24025312

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html

http://secunia.com/advisories/37640

http://osvdb.org/60972

http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only

http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

http://www.vupen.com/english/advisories/2009/3521

http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://secunia.com/advisories/38056

http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES

http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

http://support.apple.com/kb/HT4004

http://secunia.com/advisories/38241

http://www.vupen.com/english/advisories/2010/0173

http://secunia.com/advisories/38484

http://osvdb.org/62210

http://www.arubanetworks.com/support/alerts/aid-020810.txt

http://www.vupen.com/english/advisories/2010/0086

http://secunia.com/advisories/38003

http://support.avaya.com/css/P8/documents/100070150

http://www.securitytracker.com/id?1023428

http://www.securitytracker.com/id?1023427

http://www.securitytracker.com/id?1023411

http://www.securitytracker.com/id?1023426

http://www.redhat.com/support/errata/RHSA-2010-0119.html

http://secunia.com/advisories/38687

http://secunia.com/advisories/38020

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

http://www.redhat.com/support/errata/RHSA-2010-0167.html

http://www.redhat.com/support/errata/RHSA-2010-0155.html

http://www.vupen.com/english/advisories/2010/0748

http://secunia.com/advisories/39243

http://secunia.com/advisories/39136

https://bugzilla.mozilla.org/show_bug.cgi?id=545755

http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

http://secunia.com/advisories/39242

http://www.redhat.com/support/errata/RHSA-2010-0338.html

http://www.redhat.com/support/errata/RHSA-2010-0339.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://www.redhat.com/support/errata/RHSA-2010-0337.html

http://secunia.com/advisories/39317

http://ubuntu.com/usn/usn-923-1

http://secunia.com/advisories/39292

http://secunia.com/advisories/37453

http://www.securitytracker.com/id?1023224

http://secunia.com/advisories/37383

http://secunia.com/advisories/37399

http://www.vupen.com/english/advisories/2009/3310

http://www.vupen.com/english/advisories/2009/3313

http://www.securitytracker.com/id?1023214

http://www.securitytracker.com/id?1023213

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

http://www.vupen.com/english/advisories/2010/0848

http://secunia.com/advisories/38781

http://secunia.com/advisories/39278

http://www.redhat.com/support/errata/RHSA-2010-0130.html

http://www.ubuntu.com/usn/USN-927-1

http://secunia.com/advisories/39500

http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848

http://www.vupen.com/english/advisories/2010/0982

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

http://www.vupen.com/english/advisories/2010/0933

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://secunia.com/advisories/39628

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

http://secunia.com/advisories/39461

http://www.vupen.com/english/advisories/2010/0916

http://www.mandriva.com/security/advisories?name=MDVSA-2010:089

http://www.vupen.com/english/advisories/2010/1054

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html

http://support.avaya.com/css/P8/documents/100081611

http://www.redhat.com/support/errata/RHSA-2010-0165.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html

http://secunia.com/advisories/39632

http://secunia.com/advisories/39713

http://www.vupen.com/english/advisories/2010/0994

http://marc.info/?l=bugtraq&m=127419602507642&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://www.vupen.com/english/advisories/2010/1107

http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

http://secunia.com/advisories/39819

http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

http://support.apple.com/kb/HT4170

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

http://support.apple.com/kb/HT4171

http://www.vupen.com/english/advisories/2010/1191

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

http://www.vupen.com/english/advisories/2010/1350

http://secunia.com/advisories/40070

http://osvdb.org/65202

http://www.openoffice.org/security/cves/CVE-2009-3555.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

http://secunia.com/advisories/39127

http://www.vupen.com/english/advisories/2010/1639

http://www.opera.com/support/search/view/944/

http://www.ubuntu.com/usn/USN-927-5

http://www.vupen.com/english/advisories/2010/1673

http://www.opera.com/docs/changelogs/unix/1060/

http://www.ubuntu.com/usn/USN-927-4

http://www.vupen.com/english/advisories/2010/1793

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://secunia.com/advisories/40545

http://secunia.com/advisories/40747

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041

http://www.vupen.com/english/advisories/2010/2010

http://secunia.com/advisories/40866

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

http://secunia.com/advisories/41490

http://secunia.com/advisories/41480

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.vupen.com/english/advisories/2010/2745

http://support.avaya.com/css/P8/documents/100114315

http://support.avaya.com/css/P8/documents/100114327

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

http://www.ubuntu.com/usn/USN-1010-1

http://www.redhat.com/support/errata/RHSA-2010-0786.html

http://secunia.com/advisories/41972

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://secunia.com/advisories/41967

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

http://www.redhat.com/support/errata/RHSA-2010-0865.html

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

http://www.redhat.com/support/errata/RHSA-2010-0768.html

http://www.vupen.com/english/advisories/2010/3086

http://www-01.ibm.com/support/docview.wss?uid=swg24006386

http://secunia.com/advisories/42379

http://secunia.com/advisories/42377

http://www.securitytracker.com/id?1024789

http://secunia.com/advisories/42467

http://www.vupen.com/english/advisories/2010/3126

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

http://www.vupen.com/english/advisories/2010/3069

http://secunia.com/advisories/42811

http://www.vupen.com/english/advisories/2011/0032

http://www.debian.org/security/2011/dsa-2141

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

http://www.redhat.com/support/errata/RHSA-2010-0986.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://secunia.com/advisories/42724

http://secunia.com/advisories/42816

http://secunia.com/advisories/42808

http://secunia.com/advisories/42733

https://kb.bluecoat.com/index?page=content&id=SA50

http://www.vupen.com/english/advisories/2011/0033

http://www.vupen.com/english/advisories/2011/0086

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://secunia.com/advisories/43308

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://secunia.com/advisories/44183

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

http://marc.info/?l=bugtraq&m=132077688910227&w=2

http://secunia.com/advisories/44954

http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

http://www.securityfocus.com/archive/1/522176

http://security.gentoo.org/glsa/glsa-201203-22.xml

http://secunia.com/advisories/48577

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.openssl.org/news/secadv_20091111.txt

http://secunia.com/advisories/41818

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://www.debian.org/security/2015/dsa-3253

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

http://marc.info/?l=bugtraq&m=127128920008563&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=127557596201693&w=2

http://marc.info/?l=bugtraq&m=126150535619567&w=2

http://marc.info/?l=bugtraq&m=133469267822771&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/archive/1/515055/100/0/threaded

http://www.securityfocus.com/archive/1/508130/100/0/threaded

http://www.securityfocus.com/archive/1/508075/100/0/threaded

http://www.securityfocus.com/archive/1/507952/100/0/threaded

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

Details

Source: MITRE

Published: 2009-11-09

Updated: 2022-08-04

Type: CWE-295

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM