CVE-2009-3555

critical

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

Advisories
More

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088

https://kb.bluecoat.com/index?page=content&id=SA50

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

https://bugzilla.redhat.com/show_bug.cgi?id=533125

https://bugzilla.mozilla.org/show_bug.cgi?id=545755

https://bugzilla.mozilla.org/show_bug.cgi?id=526689

http://www.vupen.com/english/advisories/2011/0086

http://www.vupen.com/english/advisories/2011/0033

http://www.vupen.com/english/advisories/2011/0032

http://www.vupen.com/english/advisories/2010/3126

http://www.vupen.com/english/advisories/2010/3086

http://www.vupen.com/english/advisories/2010/3069

http://www.vupen.com/english/advisories/2010/2745

http://www.vupen.com/english/advisories/2010/2010

http://www.vupen.com/english/advisories/2010/1793

http://www.vupen.com/english/advisories/2010/1673

http://www.vupen.com/english/advisories/2010/1639

http://www.vupen.com/english/advisories/2010/1350

http://www.vupen.com/english/advisories/2010/1191

http://www.vupen.com/english/advisories/2010/1107

http://www.vupen.com/english/advisories/2010/1054

http://www.vupen.com/english/advisories/2010/0994

http://www.vupen.com/english/advisories/2010/0982

http://www.vupen.com/english/advisories/2010/0933

http://www.vupen.com/english/advisories/2010/0916

http://www.vupen.com/english/advisories/2010/0848

http://www.vupen.com/english/advisories/2010/0748

http://www.vupen.com/english/advisories/2010/0173

http://www.vupen.com/english/advisories/2010/0086

http://www.vupen.com/english/advisories/2009/3587

http://www.vupen.com/english/advisories/2009/3521

http://www.vupen.com/english/advisories/2009/3484

http://www.vupen.com/english/advisories/2009/3354

http://www.vupen.com/english/advisories/2009/3353

http://www.vupen.com/english/advisories/2009/3313

http://www.vupen.com/english/advisories/2009/3310

http://www.vupen.com/english/advisories/2009/3220

http://www.vupen.com/english/advisories/2009/3205

http://www.vupen.com/english/advisories/2009/3165

http://www.vupen.com/english/advisories/2009/3164

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

http://www.ubuntu.com/usn/USN-927-5

http://www.ubuntu.com/usn/USN-927-4

http://www.ubuntu.com/usn/USN-927-1

http://www.ubuntu.com/usn/USN-1010-1

http://www.securitytracker.com/id?1024789

http://www.securitytracker.com/id?1023428

http://www.securitytracker.com/id?1023427

http://www.securitytracker.com/id?1023426

http://www.securitytracker.com/id?1023411

http://www.securitytracker.com/id?1023275

http://www.securitytracker.com/id?1023274

http://www.securitytracker.com/id?1023273

http://www.securitytracker.com/id?1023272

http://www.securitytracker.com/id?1023271

http://www.securitytracker.com/id?1023270

http://www.securitytracker.com/id?1023243

http://www.securitytracker.com/id?1023224

http://www.securitytracker.com/id?1023219

http://www.securitytracker.com/id?1023218

http://www.securitytracker.com/id?1023217

http://www.securitytracker.com/id?1023216

http://www.securitytracker.com/id?1023215

http://www.securitytracker.com/id?1023214

http://www.securitytracker.com/id?1023213

http://www.securitytracker.com/id?1023212

http://www.securitytracker.com/id?1023211

http://www.securitytracker.com/id?1023210

http://www.securitytracker.com/id?1023209

http://www.securitytracker.com/id?1023208

http://www.securitytracker.com/id?1023207

http://www.securitytracker.com/id?1023206

http://www.securitytracker.com/id?1023205

http://www.securitytracker.com/id?1023204

http://www.securitytracker.com/id?1023163

http://www.securityfocus.com/archive/1/522176

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/archive/1/515055/100/0/threaded

http://www.securityfocus.com/archive/1/508130/100/0/threaded

http://www.securityfocus.com/archive/1/508075/100/0/threaded

http://www.securityfocus.com/archive/1/507952/100/0/threaded

http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://www.redhat.com/support/errata/RHSA-2010-0986.html

http://www.redhat.com/support/errata/RHSA-2010-0865.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://www.redhat.com/support/errata/RHSA-2010-0786.html

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://www.redhat.com/support/errata/RHSA-2010-0768.html

http://www.redhat.com/support/errata/RHSA-2010-0339.html

http://www.redhat.com/support/errata/RHSA-2010-0338.html

http://www.redhat.com/support/errata/RHSA-2010-0337.html

http://www.redhat.com/support/errata/RHSA-2010-0167.html

http://www.redhat.com/support/errata/RHSA-2010-0165.html

http://www.redhat.com/support/errata/RHSA-2010-0155.html

http://www.redhat.com/support/errata/RHSA-2010-0130.html

http://www.redhat.com/support/errata/RHSA-2010-0119.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.opera.com/support/search/view/944/

http://www.opera.com/docs/changelogs/unix/1060/

http://www.openwall.com/lists/oss-security/2009/11/23/10

http://www.openwall.com/lists/oss-security/2009/11/20/1

http://www.openwall.com/lists/oss-security/2009/11/07/3

http://www.openwall.com/lists/oss-security/2009/11/06/3

http://www.openwall.com/lists/oss-security/2009/11/05/5

http://www.openwall.com/lists/oss-security/2009/11/05/3

http://www.openssl.org/news/secadv_20091111.txt

http://www.openoffice.org/security/cves/CVE-2009-3555.html

http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

http://www.links.org/?p=789

http://www.links.org/?p=786

http://www.links.org/?p=780

http://www.kb.cert.org/vuls/id/120541

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.ingate.com/Relnote.php?ver=481

http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

http://www.debian.org/security/2015/dsa-3253

http://www.debian.org/security/2011/dsa-2141

http://www.debian.org/security/2009/dsa-1934

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

http://www.betanews.com/article/1257452450

http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only

http://www-01.ibm.com/support/docview.wss?uid=swg24025312

http://www-01.ibm.com/support/docview.wss?uid=swg24006386

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054

http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848

http://wiki.rpath.com/Advisories:rPSA-2009-0155

http://ubuntu.com/usn/usn-923-1

http://support.citrix.com/article/CTX123359

http://support.avaya.com/css/P8/documents/100114327

http://support.avaya.com/css/P8/documents/100114315

http://support.avaya.com/css/P8/documents/100081611

http://support.avaya.com/css/P8/documents/100070150

http://support.apple.com/kb/HT4171

http://support.apple.com/kb/HT4170

http://support.apple.com/kb/HT4004

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

http://securitytracker.com/id?1023148

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://security.gentoo.org/glsa/glsa-201203-22.xml

http://security.gentoo.org/glsa/glsa-200912-01.xml

http://secunia.com/advisories/48577

http://secunia.com/advisories/44954

http://secunia.com/advisories/44183

http://secunia.com/advisories/43308

http://secunia.com/advisories/42816

http://secunia.com/advisories/42811

http://secunia.com/advisories/42808

http://secunia.com/advisories/42733

http://secunia.com/advisories/42724

http://secunia.com/advisories/42467

http://secunia.com/advisories/42379

http://secunia.com/advisories/42377

http://secunia.com/advisories/41972

http://secunia.com/advisories/41967

http://secunia.com/advisories/41818

http://secunia.com/advisories/41490

http://secunia.com/advisories/41480

http://secunia.com/advisories/40866

http://secunia.com/advisories/40747

http://secunia.com/advisories/40545

http://secunia.com/advisories/40070

http://secunia.com/advisories/39819

https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

Details

Source: Mitre, NVD

Published: 2009-11-09

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02942