NVD

CVE-2009-3555 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

ADP: CISA-ADP

Base Score: 9.8 CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 5.8 MEDIUM

Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Vendor Statements (disclaimer)

Official Statement from Red Hat (11/20/2009)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html	CVE, Inc., Red Hat	Broken Link
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html	CVE, Inc., Red Hat	Third Party Advisory
http://blogs.iss.net/archive/sslmitmiscsrf.html	CVE, Inc., Red Hat	Broken Link
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during	CVE, Inc., Red Hat	Third Party Advisory
http://clicky.me/tlsvuln	CVE, Inc., Red Hat	Exploit Third Party Advisory
http://extendedsubset.com/?p=8	CVE, Inc., Red Hat	Broken Link
http://extendedsubset.com/Renegotiating_TLS.pdf	CVE, Inc., Red Hat	Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686	CVE, Inc., Red Hat	Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041	CVE, Inc., Red Hat	Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	CVE, Inc., Red Hat	Broken Link
http://kbase.redhat.com/faq/docs/DOC-20491	CVE, Inc., Red Hat	Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	CVE, Inc., Red Hat	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=126150535619567&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=127128920008563&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=127419602507642&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=127557596201693&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=133469267822771&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=134254866602253&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=cryptography&m=125752275331877&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://openbsd.org/errata45.html#010_openssl	CVE, Inc., Red Hat	Third Party Advisory
http://openbsd.org/errata46.html#004_openssl	CVE, Inc., Red Hat	Third Party Advisory
http://osvdb.org/60521	CVE, Inc., Red Hat	Broken Link
http://osvdb.org/60972	CVE, Inc., Red Hat	Broken Link
http://osvdb.org/62210	CVE, Inc., Red Hat	Broken Link
http://osvdb.org/65202	CVE, Inc., Red Hat	Broken Link
http://seclists.org/fulldisclosure/2009/Nov/139	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://secunia.com/advisories/37291	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37292	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37320	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37383	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37399	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37453	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37501	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37504	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37604	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37640	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37656	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37675	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/37859	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38003	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38020	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38056	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38241	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38484	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38687	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38781	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39127	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39136	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39242	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39243	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39278	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39292	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39317	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39461	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39500	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39628	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39632	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39713	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/39819	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/40070	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/40545	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/40747	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/40866	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/41480	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/41490	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/41818	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/41967	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/41972	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42377	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42379	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42467	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42724	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42733	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42808	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42811	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42816	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/43308	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/44183	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/44954	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/48577	CVE, Inc., Red Hat	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml	CVE, Inc., Red Hat	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201203-22.xml	CVE, Inc., Red Hat	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml	CVE, Inc., Red Hat	Third Party Advisory
http://securitytracker.com/id?1023148	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	CVE, Inc., Red Hat	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1	CVE, Inc., Red Hat	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1	CVE, Inc., Red Hat	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1	CVE, Inc., Red Hat	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1	CVE, Inc., Red Hat	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1	CVE, Inc., Red Hat	Broken Link
http://support.apple.com/kb/HT4004	CVE, Inc., Red Hat	Third Party Advisory
http://support.apple.com/kb/HT4170	CVE, Inc., Red Hat	Third Party Advisory
http://support.apple.com/kb/HT4171	CVE, Inc., Red Hat	Third Party Advisory
http://support.avaya.com/css/P8/documents/100070150	CVE, Inc., Red Hat	Third Party Advisory
http://support.avaya.com/css/P8/documents/100081611	CVE, Inc., Red Hat	Third Party Advisory
http://support.avaya.com/css/P8/documents/100114315	CVE, Inc., Red Hat	Third Party Advisory
http://support.avaya.com/css/P8/documents/100114327	CVE, Inc., Red Hat	Third Party Advisory
http://support.citrix.com/article/CTX123359	CVE, Inc., Red Hat	Third Party Advisory
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES	CVE, Inc., Red Hat	Broken Link
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released	CVE, Inc., Red Hat	Broken Link
http://sysoev.ru/nginx/patch.cve-2009-3555.txt	CVE, Inc., Red Hat	Broken Link
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html	CVE, Inc., Red Hat	Broken Link
http://ubuntu.com/usn/usn-923-1	CVE, Inc., Red Hat	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0155	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21426108	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21432298	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24006386	CVE, Inc., Red Hat	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24025312	CVE, Inc., Red Hat	Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only	CVE, Inc., Red Hat	Third Party Advisory
http://www.arubanetworks.com/support/alerts/aid-020810.txt	CVE, Inc., Red Hat	Broken Link
http://www.betanews.com/article/1257452450	CVE, Inc., Red Hat	Third Party Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml	CVE, Inc., Red Hat	Third Party Advisory
http://www.debian.org/security/2009/dsa-1934	CVE, Inc., Red Hat	Third Party Advisory
http://www.debian.org/security/2011/dsa-2141	CVE, Inc., Red Hat	Third Party Advisory
http://www.debian.org/security/2015/dsa-3253	CVE, Inc., Red Hat	Third Party Advisory
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.ingate.com/Relnote.php?ver=481	CVE, Inc., Red Hat	Third Party Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995	CVE, Inc., Red Hat	Third Party Advisory
http://www.kb.cert.org/vuls/id/120541	CVE, Inc., Red Hat	Third Party Advisory US Government Resource
http://www.links.org/?p=780	CVE, Inc., Red Hat	Third Party Advisory
http://www.links.org/?p=786	CVE, Inc., Red Hat	Third Party Advisory
http://www.links.org/?p=789	CVE, Inc., Red Hat	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076	CVE, Inc., Red Hat	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	CVE, Inc., Red Hat	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089	CVE, Inc., Red Hat	Broken Link
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2009-3555.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.openssl.org/news/secadv_20091111.txt	CVE, Inc., Red Hat	Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/05/3	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/05/5	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/06/3	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/07/3	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/20/1	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/23/10	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.opera.com/docs/changelogs/unix/1060/	CVE, Inc., Red Hat	Third Party Advisory
http://www.opera.com/support/search/view/944/	CVE, Inc., Red Hat	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c	CVE, Inc., Red Hat	Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0119.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0130.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0155.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0165.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0167.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0337.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0338.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0339.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0768.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0770.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0786.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0807.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0865.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0986.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0987.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0880.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.securityfocus.com/archive/1/507952/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/508075/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/508130/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/515055/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/516397/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/522176	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36935	CVE, Inc., Red Hat	Exploit Patch Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023163	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023204	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023205	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023206	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023207	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023208	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023209	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023210	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023211	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023212	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023213	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023214	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023215	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023216	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023217	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023218	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023219	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023224	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023243	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023270	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023271	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023272	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023273	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023274	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023275	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023411	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023426	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023427	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023428	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024789	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.tombom.co.uk/blog/?p=85	CVE, Inc., Red Hat	Broken Link
http://www.ubuntu.com/usn/USN-1010-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.ubuntu.com/usn/USN-927-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.ubuntu.com/usn/USN-927-4	CVE, Inc., Red Hat	Third Party Advisory
http://www.ubuntu.com/usn/USN-927-5	CVE, Inc., Red Hat	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-222A.html	CVE, Inc., Red Hat	Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA10-287A.html	CVE, Inc., Red Hat	Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2010-0019.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3164	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3165	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3205	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3220	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3310	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3313	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3353	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3354	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3484	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3521	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/3587	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0086	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0173	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0748	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0848	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0916	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0933	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0982	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0994	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1054	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1107	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1191	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1350	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1639	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1673	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1793	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2010	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2745	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3069	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3086	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3126	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0032	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0033	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0086	CVE, Inc., Red Hat	Third Party Advisory
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html	CVE, Inc., Red Hat	Exploit Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=526689	CVE, Inc., Red Hat	Issue Tracking Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=545755	CVE, Inc., Red Hat	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=533125	CVE, Inc., Red Hat	Issue Tracking Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049	CVE, Inc., Red Hat	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	CVE, Inc., Red Hat	Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA50	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	CVE, Inc., Red Hat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535	CVE, Inc., Red Hat	Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html	CVE, Inc., Red Hat	Third Party Advisory
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt	CVE, Inc., Red Hat	Third Party Advisory
https://www.exploit-db.com/exploits/10579	CISA-ADP
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html	CVE, Inc., Red Hat	Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-295	Improper Certificate Validation	NIST
CWE-300	Channel Accessible by Non-Endpoint	CISA-ADP

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

0 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2009-3555
NVD Published Date:
11/09/2009
NVD Last Modified:
05/27/2026
Source:
Red Hat, Inc.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2009-3555 Detail

Description

Metrics

Vendor Statements (disclaimer)

Official Statement from Red Hat (11/20/2009)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Quick Info