CVE-2009-3555 Detail

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
Base score: N/A (NVD assessment not yet provided.)

Vendor Statements

Official Statement from Red Hat (11/20/2009)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555

Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491

Weakness Enumeration

CWE-ID CWE Name Source
CWE-295 Improper Certificate Validation NIST

Change History

23 change records found

Quick Info

CVE Dictionary Entry: CVE-2009-3555
NVD Published Date: 11/09/2009
NVD Last Modified: 04/08/2025
Source: Red Hat, Inc.