CVE-2009-3555
Summary
| CVE | CVE-2009-3555 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-11-09 17:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:N/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Http Server | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 8.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 8.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 9.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 9.10 | All | All | All |
| Operating System | Debian | Debian Linux | 4.0 | All | All | All |
| Operating System | Debian | Debian Linux | 5.0 | All | All | All |
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | F5 | Nginx | All | All | All | All |
| Operating System | Fedoraproject | Fedora | 11 | All | All | All |
| Operating System | Fedoraproject | Fedora | 12 | All | All | All |
| Operating System | Fedoraproject | Fedora | 13 | All | All | All |
| Operating System | Fedoraproject | Fedora | 14 | All | All | All |
| Application | Gnu | Gnutls | All | All | All | All |
| Application | Mozilla | Nss | All | All | All | All |
| Application | Openssl | Openssl | 1.0 | All | openvms | All |
| Application | Openssl | Openssl | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OpenBSD 4.5 errata | af854a3a-2127-422b-91ae-364da2661108 | openbsd.org | Third Party Advisory |
| URL shortener analytics and visitor tracking | clicky.me | af854a3a-2127-422b-91ae-364da2661108 | clicky.me | Exploit, Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Security | af854a3a-2127-422b-91ae-364da2661108 | blogs.sun.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:013 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| [security-announce] SUSE Security Announcement: IBM Java 1.4.2 (SUSE-SA: | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| Indiscreet tweet trips awareness of Web SSL vulnerability | Security News - Betanews | af854a3a-2127-422b-91ae-364da2661108 | www.betanews.com | Third Party Advisory |
| Links » SSL MitM Attack, Part 2 | af854a3a-2127-422b-91ae-364da2661108 | www.links.org | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco ONS Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| About Security Update 2010-001 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| About the security content of Java for Mac OS X 10.5 Update 7 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| #273350: Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS) | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Broken Link |
| [SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| US-CERT Technical Cyber Security Alert TA10-222A -- Microsoft Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Advisories | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Thoughts on the TLS bug « Chris Paget's Blog | af854a3a-2127-422b-91ae-364da2661108 | www.tombom.co.uk | Broken Link |
| Red Hat update for java-1.6.0-ibm - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| ASA-2010-119 (RHSA-2010-0165) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Third Party Advisory |
| Pony Mail! | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | |
| Slackware update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| '[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| [SECURITY] Fedora 11 Update: tomcat-native-1.1.18-1.fc11 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:012 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| Red Hat update for gnutls - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Gentoo Linux Documentation -- OpenSSL: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| IBM WebSphere Application Server for z/OS Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| VMware vCenter Server 4.1 Update 1 Release Notes | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| 'CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| Re: TLS renegotiation MITM | af854a3a-2127-422b-91ae-364da2661108 | lists.gnu.org | Third Party Advisory |
| IBM DB2 Data Manipulation and Buffer Overflow Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability - Cisco Systems | af854a3a-2127-422b-91ae-364da2661108 | www.cisco.com | Third Party Advisory |
| SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541 | af854a3a-2127-422b-91ae-364da2661108 | support.f5.com | Third Party Advisory |
| Oracle Critical Patch Update Pre-Release Announcement - October 2010 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | svn.resiprocate.org | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Wireless Location Appliance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 11 Update: openssl-0.9.8n-1.fc11 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| Red Hat Knowledgebase: Is Red Hat affected by TLS renegotiation MITM attacks (CVE-2009-3555)? | af854a3a-2127-422b-91ae-364da2661108 | kbase.redhat.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Citrix Secure Gateway TLS Session Renegotiation Plaintext Injection - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Debian -- Security Information -- DSA-2141-1 openssl | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| '[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| SUSE Update for Multiple Packages - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat update for JBoss Enterprise Web Server - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| sunsolve.sun.com/search/document.do | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Broken Link |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| IBM PM12247: SHIP APAR FIXES FOR H28W610 FIX PACK 6.1.0.31. - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Full Disclosure: Re: SSL/TLS MiTM PoC | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Fedora update for openssl - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Support | Red Hat | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| '[security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Inform' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| USN-1010-1: OpenJDK vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Support | Red Hat | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| oss-security - Re: CVE-2009-3555 for TLS renegotiation MITM attacks | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Bug 533125 – CVE-2009-3555 TLS: MITM attacks via session renegotiation | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Nothing found for Support Alerts Aid 020810 Txt | af854a3a-2127-422b-91ae-364da2661108 | www.arubanetworks.com | Broken Link |
| kb.bluecoat.com/index | af854a3a-2127-422b-91ae-364da2661108 | kb.bluecoat.com | Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| ASA-2009-548 | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Application Control Engine Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| HP-UX update for OpenSSL - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Patch, Third Party Advisory, VDB Entry |
| OpenOffice.org Data Manipulation and Code Execution Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Application Velocity System Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| [SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco NX-OS Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 12 Update: tomcat-native-1.1.18-1.fc12 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Apple Mac OS X update for Java - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| '[security bulletin] HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| IBM IC68054: SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION WEAK SECURITY CVE-2009-3555 - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| VMSA-2011-0003 | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | Third Party Advisory |
| osvdb.org/60521 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | Broken Link |
| Mozilla SeaMonkey Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| 'OpenSSL 0.9.8l released' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| osvdb.org/65202 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | Broken Link |
| SUSE update for openssl - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| APPLE-SA-2010-05-18-1 Java for Mac OS X 10.6 Update 2 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory |
| SecurityTracker.com Archives - CiscoWorks Common Services Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Avaya Products NSS TLS Session Renegotiation Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| osvdb.org/60972 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | Broken Link |
| [SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| SecurityTracker.com Archives - Cisco ASA Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| IBM MS81: WebSphere MQ Internet Pass-Thru - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Fedora update for httpd - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| IBM - Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.1 Fix Pack 9 | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Understanding the TLS Renegotiation Attack - Educated Guesswork | af854a3a-2127-422b-91ae-364da2661108 | www.educatedguesswork.org | Third Party Advisory |
| [security-announce] SUSE Security Announcement: openssl (SUSE-SA:2009:05 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| Ubuntu update for openjdk-6 - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:019 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| HP System Management Homepage Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| OpenBSD 4.6 errata | af854a3a-2127-422b-91ae-364da2661108 | openbsd.org | Third Party Advisory |
| G-SEC - Blog: TLS / SSLv3 renegotiation vulnerability explained (Update #2)( | af854a3a-2127-422b-91ae-364da2661108 | blog.g-sec.lu | Third Party Advisory |
| IBM - IBM HTTP Server interim fix for PM00675 | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Debian -- Security Information -- DSA-1934-1 apache2 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Unified SIP Phones Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.proftpd.org | Broken Link |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Broken Link |
| SecurityTracker.com Archives - IBM WebSphere MQ Internet pass-thru Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| VMSA-2010-0019.3 | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | Third Party Advisory |
| Microsoft Security Bulletin MS10-049 - Critical | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | Patch, Vendor Advisory |
| Support | Red Hat | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| CVE-2011-4745, CVE-2011-4746, CVE-2011-4747, CVE-2009-3555, CVE-2011-4748, CVE-2011-4749, XSS, Cross Site Scripting in psa v10.3.1_build1013110726.09 os_RedHat el6, Billing Manager, CWE-79, CAPEC-86, DORK, GHDB | af854a3a-2127-422b-91ae-364da2661108 | xss.cx | Exploit, Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| osvdb.org/62210 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | Broken Link |
| Mozilla Firefox Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| USN-927-4: nss vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| '[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| VMware vCenter / ESX Server Update for Oracle (Sun) JRE - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2011:0845-1: important: compat-openssl09 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| Red Hat update for java-1.5.0-ibm - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| BlackBerry Enterprise Server Multiple Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| sysoev.ru/nginx/patch.cve-2009-3555.txt | af854a3a-2127-422b-91ae-364da2661108 | sysoev.ru | Broken Link |
| IBM IC67848: SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATIONWEAK SECURITY CVE-2009-3555 - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| 545755 – Update Mozilla stable branches to NSS 3.12.6 and minimal support for RFC 5746 | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Third Party Advisory |
| SecurityTracker.com Archives - Cisco IOS Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | Third Party Advisory, VDB Entry |
| Opera: Opera 10.60 (with Opera Widgets for Desktop) for UNIX changelog | af854a3a-2127-422b-91ae-364da2661108 | www.opera.com | Third Party Advisory |
| [SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 12 Update: httpd-2.2.14-1.fc12 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Advisory: TLS protocol vulnerable to Man In The Middle attack - Opera Knowledge Base | af854a3a-2127-422b-91ae-364da2661108 | www.opera.com | Third Party Advisory |
| Links » Another Protocol Bites The Dust | af854a3a-2127-422b-91ae-364da2661108 | www.links.org | Third Party Advisory |
| SecurityTracker.com Archives - CiscoWorks Wireless LAN Solution Engine (WLSE) Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SecurityTracker.com Archives - Cisco Telepresence Recording Server Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Support | Red Hat | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Aruba Mobility Controller TLS Session Renegotiation Plaintext Injection - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| HP System Management Homepage Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Ubuntu update for nss - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Oracle Open Office Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| [SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Sun Solaris OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| About the security content of Java for Mac OS X 10.6 Update 2 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| oss-security - CVE-2009-3555 for TLS renegotiation MITM attacks | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| F5 Products TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:008 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Debian update for apache2 - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| #273029: Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Broken Link |
| [TLS] MITM attack on delayed TLS-client auth through renegotiation | af854a3a-2127-422b-91ae-364da2661108 | www.ietf.org | Third Party Advisory |
| Links » SSL MitM, Day 4 | af854a3a-2127-422b-91ae-364da2661108 | www.links.org | Third Party Advisory |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| Cisco Multiple Products TLS Session Renegotiation Plaintext Injection - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| ASA-2010-308 (RHSA-2010-0768) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Third Party Advisory |
| Ubuntu update for openjdk - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityTracker.com Archives - OpenBSD Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| sunsolve.sun.com/search/document.do | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Broken Link |
| Extended Subset » Blog Archive » Authentication Gap in TLS Renegotiation | af854a3a-2127-422b-91ae-364da2661108 | extendedsubset.com | Broken Link |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| HPSBGN02562 SSRT090249 rev.1 - HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A running TLS/SSL, Remote Unauthorized Data Injection, Denial of Service (DoS) - c02436041 - HP Business Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | Broken Link |
| Page not found - Thủ thuật nhà cái | af854a3a-2127-422b-91ae-364da2661108 | extendedsubset.com | Broken Link |
| APPLE-SA-2010-01-19-1 Security Update 2010-001 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| US-CERT Technical Cyber Security Alert TA10-287A -- Oracle Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Third Party Advisory, US Government Resource |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Video Surveillance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SecurityTracker.com Archives - Cisco Secure Access Control Server Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| oss-security - Re: CVEs for nginx | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| SecurityTracker.com Archives - Cisco Security Agent Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Zeus Web Server Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Sun Java System Products TLS Session Renegotiation Plaintext Injection - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| HP ProCurve Threat Management Services zl Module TLS/SSL Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Apache Mail Archives | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | |
| support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES | af854a3a-2127-422b-91ae-364da2661108 | support.zeus.com | Broken Link |
| HP Systems Insight Manager Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Frequency X Blog | af854a3a-2127-422b-91ae-364da2661108 | blogs.iss.net | Broken Link |
| www.itrc.hp.com/service/cki/docDisplay.do | af854a3a-2127-422b-91ae-364da2661108 | www.itrc.hp.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| The Apache Tomcat Native - Miscellaneous Documentation - | af854a3a-2127-422b-91ae-364da2661108 | tomcat.apache.org | Broken Link |
| Security Advisories | Mandriva Linux | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| Apache Mail Archives | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Wide Area Application Services Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SecurityTracker.com Archives - Sun Java System Web Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| 526689 – (CVE-2009-3555) SSL3 & TLS Renegotiation Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| '[security bulletin] HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data In' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| SecurityTracker.com Archives - Content Services Switch Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| [TLS] TLS renegotiation issue | af854a3a-2127-422b-91ae-364da2661108 | www.ietf.org | Third Party Advisory |
| SecurityTracker.com Archives - Solaris Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Hitachi Products Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Unified Contact Center Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| MFSA 2010-22: Update NSS to support TLS renegotiation indication | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Third Party Advisory |
| Release notice for Ingate Firewall® 4.8.1 and Ingate SIParator® 4.8.1 | af854a3a-2127-422b-91ae-364da2661108 | www.ingate.com | Third Party Advisory |
| ProFTPD TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Debian update for openssl - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Gentoo Linux Documentation -- nginx: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:011 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| '[security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SS' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| USN-923-1: OpenJDK vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | ubuntu.com | Third Party Advisory |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Third Party Advisory |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Red Hat update for java-1.5.0-ibm - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Wireless LAN Controller Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| www.openssl.org/news/secadv_20091111.txt | af854a3a-2127-422b-91ae-364da2661108 | www.openssl.org | Third Party Advisory |
| Avaya Products TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Content Switching Module Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| USN-927-1: NSS vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:024 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| ASA-2010-307 (RHSA-2010-0770) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Third Party Advisory |
| HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS) - c01945686 - HP Business Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | Broken Link |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Advisories | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link |
| Fedora update for tomcat-native - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| '[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CS' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| The Secure Goose: TLS renegotiation vulnerability (CVE-2009-3555) | af854a3a-2127-422b-91ae-364da2661108 | www.securegoose.org | Third Party Advisory |
| SecurityTracker.com Archives - Sun Java System Web Proxy Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Mozilla Thunderbird Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Application Networking Manager Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Pony Mail! | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | |
| CTX123359 - Transport Layer Security Renegotiation Vulnerability - Citrix Knowledge Center | af854a3a-2127-422b-91ae-364da2661108 | support.citrix.com | Third Party Advisory |
| Red Hat JBoss Enterprise Web Server Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Advisories:rPSA-2009-0155 - rPath Wiki | af854a3a-2127-422b-91ae-364da2661108 | wiki.rpath.com | Third Party Advisory |
| IBM IC68055: SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION WEAK SECURITY CVE-2009-3555 - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Debian update for nss - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [SECURITY] Fedora 10 Update: httpd-2.2.14-1.fc10 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| oss-security - Re: CVE-2009-3555 for TLS renegotiation MITM attacks | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| CVE-2009-3555 | af854a3a-2127-422b-91ae-364da2661108 | www.openoffice.org | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Digital Media Media Player and Digital Media Manager Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SecurityTracker.com Archives - Cisco Wireless Control System Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | slackware.com | Third Party Advisory |
| oss-security - Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| '[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Third Party Advisory |
| ZWS 4.3r5 released (News) | af854a3a-2127-422b-91ae-364da2661108 | support.zeus.com | Broken Link |
| US-CERT Vulnerability Note VU#120541 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| GnuTLS TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| [security-announce] SUSE-SU-2011:0847-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| F5 Products TLS Session Renegotiation Plaintext Injection Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| SecurityTracker.com Archives - Cisco Firewall Services Module Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cosminexusにおける複数の脆弱性:ソフトウェア製品セキュリティ情報:ソフトウェア:日立 | af854a3a-2127-422b-91ae-364da2661108 | www.hitachi.co.jp | Third Party Advisory |
| SecurityTracker.com Archives - Sun GlassFish Enterprise Server/Sun Java Application Server SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| itrc.hp.com/service/cki/docDisplay.do | af854a3a-2127-422b-91ae-364da2661108 | itrc.hp.com | Broken Link |
| #274990: Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Broken Link |
| oss-security - CVEs for nginx | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| IBM Search results - United States | af854a3a-2127-422b-91ae-364da2661108 | www-1.ibm.com | Third Party Advisory |
| IBM - Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.7 Fix Pack 2 | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| cpuapr2011 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3253-1 pound | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| APPLE-SA-2010-05-18-2 Java for Mac OS X 10.5 Update 7 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Third Party Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Citrix Products Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| USN-927-5: nspr update | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| access.redhat.com | CVE-2009-3555 | MITRE | access.redhat.com | |
| Apache Mail Archives | MITRE | lists.apache.org | |
| Apache Mail Archives | MITRE | lists.apache.org | |
| Pony Mail! | MITRE | lists.apache.org | |
| Pony Mail! | MITRE | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2009-11-20 | Tomas Hoger | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491 |
Legacy QID Mappings
- 390279 Oracle Managed Virtualization (VM) Server for x86 Security Update for nss (OVMSA-2023-0014)
- 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
- 591186 Mitsubishi Electric Air Conditioning Systems Multiple Vulnerabilities (ICSA-22-160-01)
- 997471 Java (Maven) Security Update for org.apache.tomcat:tomcat (GHSA-f7w7-6pjc-wwm6)