National Vulnerability Database

CVE-2009-3555 Detail

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Source: MITRE
Last Modified: 11/09/2009

Quick Info

CVE Dictionary Entry: CVE-2009-3555
Original release date: 11/09/2009
Last revised: 09/18/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.8 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Impact Subscore: 4.9
Exploitability Subscore: 8.6

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification; Allows disruption of service

Vendor Statements

Official Statement from Red Hat (11/20/2009)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555. Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491

References to Advisories, Solutions, and Tools


Hyperlink / Resource Type / Source / Name
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html External Source BUGTRAQ 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html External Source MISC http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://blogs.iss.net/archive/sslmitmiscsrf.html External Source MISC http://blogs.iss.net/archive/sslmitmiscsrf.html
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during External Source CONFIRM http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
http://clicky.me/tlsvuln External Source MISC http://clicky.me/tlsvuln
http://extendedsubset.com/?p=8 External Source MISC http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf External Source MISC http://extendedsubset.com/Renegotiating_TLS.pdf
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 External Source HP SSRT090249
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 External Source HP HPSBGN02562
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 External Source HP SSRT100179
http://kbase.redhat.com/faq/docs/DOC-20491 External Source CONFIRM http://kbase.redhat.com/faq/docs/DOC-20491
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html External Source APPLE APPLE-SA-2010-05-18-1
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html External Source APPLE APPLE-SA-2010-05-18-2
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html External Source APPLE APPLE-SA-2010-01-19-1
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html External Source FEDORA FEDORA-2010-5357
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html External Source FEDORA FEDORA-2010-5942
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html External Source FEDORA FEDORA-2010-6131
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html External Source FEDORA FEDORA-2010-16312
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html External Source FEDORA FEDORA-2010-16294
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html External Source FEDORA FEDORA-2010-16240
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html External Source MLIST [gnutls-devel] 20091105 Re: TLS renegotiation MITM
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html External Source SUSE SUSE-SA:2009:057
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html External Source SUSE SUSE-SR:2010:008
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html External Source SUSE SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html External Source SUSE SUSE-SR:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html External Source SUSE SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html External Source SUSE SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html External Source SUSE SUSE-SA:2010:061
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html External Source SUSE SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html External Source SUSE openSUSE-SU-2011:0845
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html External Source SUSE SUSE-SU-2011:0847
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 External Source MLIST [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
http://marc.info/?l=bugtraq&m=126150535619567&w=2 External Source HP SSRT090264
http://marc.info/?l=bugtraq&m=127128920008563&w=2 External Source HP SSRT100058
http://marc.info/?l=bugtraq&m=127419602507642&w=2 External Source HP HPSBMA02534
http://marc.info/?l=bugtraq&m=127557596201693&w=2 External Source HP SSRT100089
http://marc.info/?l=bugtraq&m=130497311408250&w=2 External Source HP HPSBOV02683
http://marc.info/?l=bugtraq&m=132077688910227&w=2 External Source HP HPSBHF02706
http://marc.info/?l=bugtraq&m=133469267822771&w=2 External Source HP SSRT100825
http://marc.info/?l=bugtraq&m=134254866602253&w=2 External Source HP HPSBMU02799
http://marc.info/?l=bugtraq&m=142660345230545&w=2 External Source HP SSRT101846
http://marc.info/?l=cryptography&m=125752275331877&w=2 External Source MLIST [cryptography] 20091105 OpenSSL 0.9.8l released
http://openbsd.org/errata45.html#010_openssl External Source OPENBSD [4.5] 010: SECURITY FIX: November 26, 2009
http://openbsd.org/errata46.html#004_openssl External Source OPENBSD [4.6] 004: SECURITY FIX: November 26, 2009
http://seclists.org/fulldisclosure/2009/Nov/139 External Source FULLDISC 20091111 Re: SSL/TLS MiTM PoC
http://security.gentoo.org/glsa/glsa-200912-01.xml External Source GENTOO GLSA-200912-01
http://security.gentoo.org/glsa/glsa-201203-22.xml External Source GENTOO GLSA-201203-22
http://security.gentoo.org/glsa/glsa-201406-32.xml External Source GENTOO GLSA-201406-32
http://securitytracker.com/id?1023148 External Source SECTRACK 1023148
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 External Source SLACKWARE SSA:2009-320-01
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 External Source SUNALERT 273350
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 External Source SUNALERT 273029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 External Source SUNALERT 274990
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 External Source SUNALERT 1021653
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 External Source SUNALERT 1021752
http://support.apple.com/kb/HT4004 External Source CONFIRM http://support.apple.com/kb/HT4004
http://support.apple.com/kb/HT4170 External Source CONFIRM http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171 External Source CONFIRM http://support.apple.com/kb/HT4171
http://support.avaya.com/css/P8/documents/100070150 External Source CONFIRM http://support.avaya.com/css/P8/documents/100070150
http://support.avaya.com/css/P8/documents/100081611 External Source CONFIRM http://support.avaya.com/css/P8/documents/100081611
http://support.avaya.com/css/P8/documents/100114315 External Source CONFIRM http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100114327 External Source CONFIRM http://support.avaya.com/css/P8/documents/100114327
http://support.citrix.com/article/CTX123359 External Source CONFIRM http://support.citrix.com/article/CTX123359
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES External Source CONFIRM http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released External Source CONFIRM http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
http://sysoev.ru/nginx/patch.cve-2009-3555.txt External Source CONFIRM http://sysoev.ru/nginx/patch.cve-2009-3555.txt
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html External Source CONFIRM http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
http://ubuntu.com/usn/usn-923-1 External Source UBUNTU USN-923-1
http://wiki.rpath.com/Advisories:rPSA-2009-0155 External Source CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0155
http://www.arubanetworks.com/support/alerts/aid-020810.txt External Source CONFIRM http://www.arubanetworks.com/support/alerts/aid-020810.txt
http://www.betanews.com/article/1257452450 External Source MISC http://www.betanews.com/article/1257452450
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml External Source CISCO 20091109 Transport Layer Security Renegotiation Vulnerability
http://www.debian.org/security/2009/dsa-1934 External Source DEBIAN DSA-1934
http://www.debian.org/security/2011/dsa-2141 External Source DEBIAN DSA-2141
http://www.debian.org/security/2015/dsa-3253 External Source DEBIAN DSA-3253
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html External Source MISC http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html External Source CONFIRM http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html External Source MLIST [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html External Source MLIST [tls] 20091104 TLS renegotiation issue
http://www.ingate.com/Relnote.php?ver=481 External Source CONFIRM http://www.ingate.com/Relnote.php?ver=481
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 External Source HP SSRT100219
http://www.kb.cert.org/vuls/id/120541 US Government Resource External Source CERT-VN VU#120541
http://www.links.org/?p=780 External Source MISC http://www.links.org/?p=780
http://www.links.org/?p=786 External Source MISC http://www.links.org/?p=786
http://www.links.org/?p=789 External Source MISC http://www.links.org/?p=789
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 External Source MANDRIVA MDVSA-2010:076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 External Source MANDRIVA MDVSA-2010:084
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 External Source MANDRIVA MDVSA-2010:089
http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx External Source MS MS10-049
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html External Source CONFIRM http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.openoffice.org/security/cves/CVE-2009-3555.html External Source CONFIRM http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openssl.org/news/secadv_20091111.txt External Source CONFIRM http://www.openssl.org/news/secadv_20091111.txt
http://www.openwall.com/lists/oss-security/2009/11/05/3 External Source MLIST [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/05/5 External Source MLIST [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/06/3 External Source MLIST [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/07/3 External Source MLIST [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
http://www.openwall.com/lists/oss-security/2009/11/20/1 External Source MLIST [oss-security] 20091120 CVEs for nginx
http://www.openwall.com/lists/oss-security/2009/11/23/10 External Source MLIST [oss-security] 20091123 Re: CVEs for nginx
http://www.opera.com/docs/changelogs/unix/1060/ External Source CONFIRM http://www.opera.com/docs/changelogs/unix/1060/
http://www.opera.com/support/search/view/944/ External Source CONFIRM http://www.opera.com/support/search/view/944/
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c External Source CONFIRM http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
http://www.redhat.com/support/errata/RHSA-2010-0119.html External Source REDHAT RHSA-2010:0119
http://www.redhat.com/support/errata/RHSA-2010-0130.html External Source REDHAT RHSA-2010:0130
http://www.redhat.com/support/errata/RHSA-2010-0155.html External Source REDHAT RHSA-2010:0155
http://www.redhat.com/support/errata/RHSA-2010-0165.html External Source REDHAT RHSA-2010:0165
http://www.redhat.com/support/errata/RHSA-2010-0167.html External Source REDHAT RHSA-2010:0167
http://www.redhat.com/support/errata/RHSA-2010-0337.html External Source REDHAT RHSA-2010:0337
http://www.redhat.com/support/errata/RHSA-2010-0338.html External Source REDHAT RHSA-2010:0338
http://www.redhat.com/support/errata/RHSA-2010-0339.html External Source REDHAT RHSA-2010:0339
http://www.redhat.com/support/errata/RHSA-2010-0768.html External Source REDHAT RHSA-2010:0768
http://www.redhat.com/support/errata/RHSA-2010-0770.html External Source REDHAT RHSA-2010:0770
http://www.redhat.com/support/errata/RHSA-2010-0786.html External Source REDHAT RHSA-2010:0786
http://www.redhat.com/support/errata/RHSA-2010-0807.html External Source REDHAT RHSA-2010:0807
http://www.redhat.com/support/errata/RHSA-2010-0865.html External Source REDHAT RHSA-2010:0865
http://www.redhat.com/support/errata/RHSA-2010-0986.html External Source REDHAT RHSA-2010:0986
http://www.redhat.com/support/errata/RHSA-2010-0987.html External Source REDHAT RHSA-2010:0987
http://www.redhat.com/support/errata/RHSA-2011-0880.html External Source REDHAT RHSA-2011:0880
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html External Source MISC http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.securityfocus.com/archive/1/522176 External Source HP HPSBMU02759
http://www.securityfocus.com/archive/1/archive/1/507952/100/0/threaded External Source BUGTRAQ 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
http://www.securityfocus.com/archive/1/archive/1/508075/100/0/threaded External Source BUGTRAQ 20091124 rPSA-2009-0155-1 httpd mod_ssl
http://www.securityfocus.com/archive/1/archive/1/508130/100/0/threaded External Source BUGTRAQ 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
http://www.securityfocus.com/archive/1/archive/1/515055/100/0/threaded External Source BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded External Source BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/bid/36935 Exploit; Patch External Source BID 36935
http://www.securitytracker.com/id?1023163 External Source SECTRACK 1023163
http://www.securitytracker.com/id?1023204 External Source SECTRACK 1023204
http://www.securitytracker.com/id?1023205 External Source SECTRACK 1023205
http://www.securitytracker.com/id?1023206 External Source SECTRACK 1023206
http://www.securitytracker.com/id?1023207 External Source SECTRACK 1023207
http://www.securitytracker.com/id?1023208 External Source SECTRACK 1023208
http://www.securitytracker.com/id?1023209 External Source SECTRACK 1023209
http://www.securitytracker.com/id?1023210 External Source SECTRACK 1023210
http://www.securitytracker.com/id?1023211 External Source SECTRACK 1023211
http://www.securitytracker.com/id?1023212 External Source SECTRACK 1023212
http://www.securitytracker.com/id?1023213 External Source SECTRACK 1023213
http://www.securitytracker.com/id?1023214 External Source SECTRACK 1023214
http://www.securitytracker.com/id?1023215 External Source SECTRACK 1023215
http://www.securitytracker.com/id?1023216 External Source SECTRACK 1023216
http://www.securitytracker.com/id?1023217 External Source SECTRACK 1023217
http://www.securitytracker.com/id?1023218 External Source SECTRACK 1023218
http://www.securitytracker.com/id?1023219 External Source SECTRACK 1023219
http://www.securitytracker.com/id?1023224 External Source SECTRACK 1023224
http://www.securitytracker.com/id?1023243 External Source SECTRACK 1023243
http://www.securitytracker.com/id?1023270 External Source SECTRACK 1023270
http://www.securitytracker.com/id?1023271 External Source SECTRACK 1023271
http://www.securitytracker.com/id?1023272 External Source SECTRACK 1023272
http://www.securitytracker.com/id?1023273 External Source SECTRACK 1023273
http://www.securitytracker.com/id?1023274 External Source SECTRACK 1023274
http://www.securitytracker.com/id?1023275 External Source SECTRACK 1023275
http://www.securitytracker.com/id?1023411 External Source SECTRACK 1023411
http://www.securitytracker.com/id?1023426 External Source SECTRACK 1023426
http://www.securitytracker.com/id?1023427 External Source SECTRACK 1023427
http://www.securitytracker.com/id?1023428 External Source SECTRACK 1023428
http://www.securitytracker.com/id?1024789 External Source SECTRACK 1024789
http://www.tombom.co.uk/blog/?p=85 External Source MISC http://www.tombom.co.uk/blog/?p=85
http://www.ubuntu.com/usn/USN-1010-1 External Source UBUNTU USN-1010-1
http://www.ubuntu.com/usn/USN-927-1 External Source UBUNTU USN-927-1
http://www.ubuntu.com/usn/USN-927-4 External Source UBUNTU USN-927-4
http://www.ubuntu.com/usn/USN-927-5 External Source UBUNTU USN-927-5
http://www.us-cert.gov/cas/techalerts/TA10-222A.html US Government Resource External Source CERT TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html US Government Resource External Source CERT TA10-287A
http://www.vmware.com/security/advisories/VMSA-2010-0019.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0019.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html External Source CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2009/3164 Vendor Advisory External Source VUPEN ADV-2009-3164
http://www.vupen.com/english/advisories/2009/3165 Vendor Advisory External Source VUPEN ADV-2009-3165
http://www.vupen.com/english/advisories/2009/3205 Vendor Advisory External Source VUPEN ADV-2009-3205
http://www.vupen.com/english/advisories/2009/3220 Vendor Advisory External Source VUPEN ADV-2009-3220
http://www.vupen.com/english/advisories/2009/3310 External Source VUPEN ADV-2009-3310
http://www.vupen.com/english/advisories/2009/3313 External Source VUPEN ADV-2009-3313
http://www.vupen.com/english/advisories/2009/3353 External Source VUPEN ADV-2009-3353
http://www.vupen.com/english/advisories/2009/3354 External Source VUPEN ADV-2009-3354
http://www.vupen.com/english/advisories/2009/3484 External Source VUPEN ADV-2009-3484
http://www.vupen.com/english/advisories/2009/3521 External Source VUPEN ADV-2009-3521
http://www.vupen.com/english/advisories/2009/3587 External Source VUPEN ADV-2009-3587
http://www.vupen.com/english/advisories/2010/0086 External Source VUPEN ADV-2010-0086
http://www.vupen.com/english/advisories/2010/0173 External Source VUPEN ADV-2010-0173
http://www.vupen.com/english/advisories/2010/0748 External Source VUPEN ADV-2010-0748
http://www.vupen.com/english/advisories/2010/0848 External Source VUPEN ADV-2010-0848
http://www.vupen.com/english/advisories/2010/0916 External Source VUPEN ADV-2010-0916
http://www.vupen.com/english/advisories/2010/0933 External Source VUPEN ADV-2010-0933
http://www.vupen.com/english/advisories/2010/0982 External Source VUPEN ADV-2010-0982
http://www.vupen.com/english/advisories/2010/0994 External Source VUPEN ADV-2010-0994
http://www.vupen.com/english/advisories/2010/1054 External Source VUPEN ADV-2010-1054
http://www.vupen.com/english/advisories/2010/1107 External Source VUPEN ADV-2010-1107
http://www.vupen.com/english/advisories/2010/1191 External Source VUPEN ADV-2010-1191
http://www.vupen.com/english/advisories/2010/1350 External Source VUPEN ADV-2010-1350
http://www.vupen.com/english/advisories/2010/1639 External Source VUPEN ADV-2010-1639
http://www.vupen.com/english/advisories/2010/1673 External Source VUPEN ADV-2010-1673
http://www.vupen.com/english/advisories/2010/1793 External Source VUPEN ADV-2010-1793
http://www.vupen.com/english/advisories/2010/2010 External Source VUPEN ADV-2010-2010
http://www.vupen.com/english/advisories/2010/2745 External Source VUPEN ADV-2010-2745
http://www.vupen.com/english/advisories/2010/3069 External Source VUPEN ADV-2010-3069
http://www.vupen.com/english/advisories/2010/3086 External Source VUPEN ADV-2010-3086
http://www.vupen.com/english/advisories/2010/3126 External Source VUPEN ADV-2010-3126
http://www.vupen.com/english/advisories/2011/0032 External Source VUPEN ADV-2011-0032
http://www.vupen.com/english/advisories/2011/0033 External Source VUPEN ADV-2011-0033
http://www.vupen.com/english/advisories/2011/0086 External Source VUPEN ADV-2011-0086
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 External Source AIXAPAR IC67848
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 External Source AIXAPAR IC68054
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 External Source AIXAPAR IC68055
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 External Source AIXAPAR PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21426108
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21432298
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24006386
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24025312
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only External Source AIXAPAR PM00675
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html External Source MISC http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 External Source MISC https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 External Source CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=545755
https://bugzilla.redhat.com/show_bug.cgi?id=533125 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=533125
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 External Source XF tls-renegotiation-weak-security(54158)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://kb.bluecoat.com/index?page=content&id=SA50 External Source CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 External Source OVAL oval:org.mitre.oval:def:10088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 External Source OVAL oval:org.mitre.oval:def:11578
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 External Source OVAL oval:org.mitre.oval:def:11617
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 External Source OVAL oval:org.mitre.oval:def:7315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 External Source OVAL oval:org.mitre.oval:def:7478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 External Source OVAL oval:org.mitre.oval:def:7973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 External Source OVAL oval:org.mitre.oval:def:8366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 External Source OVAL oval:org.mitre.oval:def:8535
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html External Source MISC https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt External Source MISC https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html External Source FEDORA FEDORA-2009-12750
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html External Source FEDORA FEDORA-2009-12775
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html External Source FEDORA FEDORA-2009-12782
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html External Source FEDORA FEDORA-2009-12968
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html External Source FEDORA FEDORA-2009-12604
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html External Source FEDORA FEDORA-2009-12606
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html External Source FEDORA FEDORA-2009-12305
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html External Source FEDORA FEDORA-2009-12229

References to Check Content

Identifier: oval:org.mitre.oval:def:10088
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10088

Identifier: oval:org.mitre.oval:def:11578
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11578

Identifier: oval:org.mitre.oval:def:11617
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11617

Identifier: oval:org.mitre.oval:def:7315
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7315

Identifier: oval:org.mitre.oval:def:7478
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7478

Identifier: oval:org.mitre.oval:def:7973
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7973

Identifier: oval:org.mitre.oval:def:8366
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8366

Identifier: oval:org.mitre.oval:def:8535
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8535

Technical Details

Vulnerable software and versions
