CVE-2009-3555

Public Exploit

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Category

CVSS 2.0: 5.8 (Severity: Medium)
EPSS: 3.01% (Top 15%)
Affected: n/a n/a

References

Link Tags
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html vendor advisory mailing list third party advisory
http://www.securitytracker.com/id?1023427 third party advisory vdb entry
http://support.avaya.com/css/P8/documents/100081611 third party advisory
http://osvdb.org/62210 vdb entry broken link
http://secunia.com/advisories/37640 third party advisory
http://www.arubanetworks.com/support/alerts/aid-020810.txt broken link
http://www.vupen.com/english/advisories/2010/0916 third party advisory vdb entry
http://support.avaya.com/css/P8/documents/100114327 third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0167.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/2010 third party advisory vdb entry
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/0086 third party advisory vdb entry
http://www.vupen.com/english/advisories/2010/1673 third party advisory vdb entry
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html third party advisory mailing list
http://secunia.com/advisories/37656 third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0865.html third party advisory vendor advisory
http://secunia.com/advisories/39628 third party advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html third party advisory
http://secunia.com/advisories/42724 third party advisory
http://www.vupen.com/english/advisories/2009/3310 third party advisory vdb entry
http://www.vupen.com/english/advisories/2009/3205 third party advisory vdb entry
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during third party advisory
http://secunia.com/advisories/39461 third party advisory
http://support.avaya.com/css/P8/documents/100114315 third party advisory
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c broken link
http://security.gentoo.org/glsa/glsa-201406-32.xml third party advisory vendor advisory
http://www.ingate.com/Relnote.php?ver=481 third party advisory
http://www.securitytracker.com/id?1023204 third party advisory vdb entry
http://secunia.com/advisories/40866 third party advisory
http://marc.info/?l=bugtraq&m=134254866602253&w=2 third party advisory vendor advisory
http://www.us-cert.gov/cas/techalerts/TA10-222A.html third party advisory us government resource
http://www.securitytracker.com/id?1023211 third party advisory vdb entry
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 vendor advisory broken link
http://secunia.com/advisories/39317 third party advisory
http://www.securitytracker.com/id?1023212 third party advisory vdb entry
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html third party advisory vendor advisory
http://secunia.com/advisories/39127 third party advisory
http://secunia.com/advisories/40545 third party advisory
http://www.vupen.com/english/advisories/2010/3069 third party advisory vdb entry
http://openbsd.org/errata45.html#010_openssl third party advisory vendor advisory
http://www.securitytracker.com/id?1023210 third party advisory vdb entry
http://www.securitytracker.com/id?1023270 third party advisory vdb entry
http://secunia.com/advisories/40070 third party advisory
http://www.securitytracker.com/id?1023273 third party advisory vdb entry
http://kbase.redhat.com/faq/docs/DOC-20491 third party advisory
http://www.ubuntu.com/usn/USN-927-5 third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 vendor advisory broken link
http://www.redhat.com/support/errata/RHSA-2010-0770.html third party advisory vendor advisory
http://www.openssl.org/news/secadv_20091111.txt third party advisory
http://www.securitytracker.com/id?1023275 third party advisory vdb entry
http://www.debian.org/security/2015/dsa-3253 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2009/3484 third party advisory vdb entry
http://www.securitytracker.com/id?1023207 third party advisory vdb entry
http://secunia.com/advisories/37859 third party advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2 third party advisory vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 vendor advisory broken link
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/0848 third party advisory vdb entry
http://www.openwall.com/lists/oss-security/2009/11/07/3 third party advisory mailing list
http://secunia.com/advisories/39819 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 third party advisory vendor advisory
http://www.links.org/?p=786 third party advisory
http://osvdb.org/60521 vdb entry broken link
http://www.openwall.com/lists/oss-security/2009/11/23/10 third party advisory mailing list
http://www.kb.cert.org/vuls/id/120541 third party advisory us government resource
http://www.securitytracker.com/id?1023217 third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0768.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2009/3353 third party advisory vdb entry
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html third party advisory vendor advisory
http://secunia.com/advisories/39136 third party advisory
http://www.openoffice.org/security/cves/CVE-2009-3555.html third party advisory
http://www.vupen.com/english/advisories/2011/0032 third party advisory vdb entry
http://securitytracker.com/id?1023148 third party advisory vdb entry
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html third party advisory vendor advisory
http://www.securityfocus.com/bid/36935 patch vdb entry exploit third party advisory
http://www.tombom.co.uk/blog/?p=85 broken link
http://marc.info/?l=bugtraq&m=130497311408250&w=2 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/1107 third party advisory vdb entry
http://www.securitytracker.com/id?1023218 third party advisory vdb entry
http://www.vupen.com/english/advisories/2010/1350 third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0338.html third party advisory vendor advisory
http://secunia.com/advisories/42379 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html third party advisory vendor advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 third party advisory vendor advisory
http://www.securitytracker.com/id?1023213 third party advisory vdb entry
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/1793 third party advisory vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 signature third party advisory vdb entry
http://extendedsubset.com/?p=8 broken link
http://secunia.com/advisories/37292 third party advisory
http://www.securityfocus.com/archive/1/522176 vendor advisory third party advisory vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 third party advisory vdb entry
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html vendor advisory mailing list third party advisory
http://secunia.com/advisories/39278 third party advisory
http://www.securitytracker.com/id?1023205 third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0130.html third party advisory vendor advisory
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html broken link
http://support.apple.com/kb/HT4004 third party advisory
http://www.securitytracker.com/id?1023215 third party advisory vdb entry
http://www.ubuntu.com/usn/USN-1010-1 third party advisory vendor advisory
http://www.securitytracker.com/id?1023206 third party advisory vdb entry
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html third party advisory vendor advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 third party advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=127419602507642&w=2 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2009/3313 third party advisory vdb entry
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 vendor advisory broken link
http://www.securitytracker.com/id?1023208 third party advisory vdb entry
http://secunia.com/advisories/43308 third party advisory
http://www.securitytracker.com/id?1023214 third party advisory vdb entry
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html third party advisory vendor advisory
http://secunia.com/advisories/38781 third party advisory
http://marc.info/?l=bugtraq&m=133469267822771&w=2 third party advisory vendor advisory
http://www.debian.org/security/2009/dsa-1934 third party advisory vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html third party advisory vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 signature third party advisory vdb entry
http://www.securitytracker.com/id?1023271 third party advisory vdb entry
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html vendor advisory mailing list third party advisory
http://marc.info/?l=cryptography&m=125752275331877&w=2 third party advisory mailing list
http://secunia.com/advisories/42467 third party advisory
http://www.securityfocus.com/archive/1/508130/100/0/threaded mailing list third party advisory vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 signature third party advisory vdb entry
http://www.securitytracker.com/id?1023224 third party advisory vdb entry
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-927-4 third party advisory vendor advisory
http://secunia.com/advisories/41490 third party advisory
http://www.securityfocus.com/archive/1/508075/100/0/threaded mailing list third party advisory vdb entry
http://www.securitytracker.com/id?1023243 third party advisory vdb entry
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html third party advisory
http://secunia.com/advisories/37504 third party advisory
http://www.securitytracker.com/id?1023219 third party advisory vdb entry
http://sysoev.ru/nginx/patch.cve-2009-3555.txt broken link
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html third party advisory exploit
http://www.securitytracker.com/id?1023163 third party advisory vdb entry
http://marc.info/?l=bugtraq&m=132077688910227&w=2 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2009/3521 third party advisory vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 signature third party advisory vdb entry
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 third party advisory vendor advisory
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released broken link
https://bugzilla.redhat.com/show_bug.cgi?id=533125 third party advisory issue tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 signature third party advisory vdb entry
http://secunia.com/advisories/44183 third party advisory
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES broken link
http://secunia.com/advisories/42808 third party advisory
http://secunia.com/advisories/39500 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 signature third party advisory vdb entry
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html third party advisory
http://www.vupen.com/english/advisories/2009/3220 third party advisory vdb entry
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 vendor advisory broken link
http://marc.info/?l=bugtraq&m=127557596201693&w=2 third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2010-0165.html third party advisory vendor advisory
http://www.securityfocus.com/archive/1/515055/100/0/threaded mailing list third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0987.html third party advisory vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 third party advisory issue tracking
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 third party advisory
http://blogs.iss.net/archive/sslmitmiscsrf.html broken link
http://www.securitytracker.com/id?1023411 third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0339.html third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2010-0986.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2009/3164 third party advisory vdb entry
http://secunia.com/advisories/37383 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html third party advisory vendor advisory
http://secunia.com/advisories/44954 third party advisory
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html third party advisory mailing list
http://support.avaya.com/css/P8/documents/100070150 third party advisory
http://secunia.com/advisories/40747 third party advisory
http://marc.info/?l=bugtraq&m=126150535619567&w=2 third party advisory vendor advisory
http://secunia.com/advisories/39292 third party advisory
http://secunia.com/advisories/42816 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 third party advisory vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 vendor advisory broken link
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 third party advisory
http://extendedsubset.com/Renegotiating_TLS.pdf broken link
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 third party advisory
http://support.apple.com/kb/HT4170 third party advisory
http://www.securityfocus.com/archive/1/507952/100/0/threaded mailing list third party advisory vdb entry
http://www.securitytracker.com/id?1023209 third party advisory vdb entry
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only third party advisory vendor advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html third party advisory
http://secunia.com/advisories/48577 third party advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 third party advisory vendor advisory
http://www.links.org/?p=789 third party advisory
http://www.opera.com/docs/changelogs/unix/1060/ third party advisory
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html third party advisory
http://www.redhat.com/support/errata/RHSA-2011-0880.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html third party advisory vendor advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html third party advisory
http://www.openwall.com/lists/oss-security/2009/11/06/3 third party advisory mailing list
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html third party advisory vendor advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0155 third party advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html third party advisory vendor advisory
http://support.citrix.com/article/CTX123359 third party advisory
http://secunia.com/advisories/37501 third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 vendor advisory broken link
http://marc.info/?l=bugtraq&m=127128920008563&w=2 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2009/3587 third party advisory vdb entry
http://secunia.com/advisories/39632 third party advisory
http://secunia.com/advisories/38687 third party advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 third party advisory issue tracking
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 patch vendor advisory
http://www.vupen.com/english/advisories/2010/0982 third party advisory vdb entry
http://secunia.com/advisories/37399 third party advisory
http://www.ubuntu.com/usn/USN-927-1 third party advisory vendor advisory
http://www.securitytracker.com/id?1023272 third party advisory vdb entry
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/3126 third party advisory vdb entry
http://secunia.com/advisories/37320 third party advisory
http://www.vupen.com/english/advisories/2009/3165 third party advisory vdb entry
http://www.vupen.com/english/advisories/2010/1639 third party advisory vdb entry
http://secunia.com/advisories/38020 third party advisory
http://ubuntu.com/usn/usn-923-1 third party advisory vendor advisory
http://secunia.com/advisories/39243 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 signature third party advisory vdb entry
http://secunia.com/advisories/37453 third party advisory
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html third party advisory
http://www.vupen.com/english/advisories/2010/0933 third party advisory vdb entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html third party advisory
http://secunia.com/advisories/41972 third party advisory
http://www.vupen.com/english/advisories/2010/3086 third party advisory vdb entry
http://www.debian.org/security/2011/dsa-2141 third party advisory vendor advisory
http://www.securitytracker.com/id?1024789 third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0155.html third party advisory vendor advisory
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html third party advisory
http://www.vupen.com/english/advisories/2011/0033 third party advisory vdb entry
http://www.redhat.com/support/errata/RHSA-2010-0337.html third party advisory vendor advisory
http://www.securitytracker.com/id?1023216 third party advisory vdb entry
http://secunia.com/advisories/41480 third party advisory
http://www.vupen.com/english/advisories/2011/0086 third party advisory vdb entry
http://secunia.com/advisories/41818 third party advisory
http://secunia.com/advisories/37604 third party advisory
http://www.opera.com/support/search/view/944/ third party advisory
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 third party advisory mailing list
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html third party advisory vendor advisory
http://www.us-cert.gov/cas/techalerts/TA10-287A.html third party advisory us government resource
http://www.links.org/?p=780 third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0119.html third party advisory vendor advisory
http://secunia.com/advisories/38056 third party advisory
http://www.vupen.com/english/advisories/2010/0748 third party advisory vdb entry
http://secunia.com/advisories/37675 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 signature third party advisory vdb entry
http://www.vmware.com/security/advisories/VMSA-2010-0019.html third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0786.html third party advisory vendor advisory
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt third party advisory
http://secunia.com/advisories/38003 third party advisory
http://support.apple.com/kb/HT4171 third party advisory
http://www.securitytracker.com/id?1023428 third party advisory vdb entry
http://www.openwall.com/lists/oss-security/2009/11/20/1 third party advisory mailing list
http://www.vupen.com/english/advisories/2009/3354 third party advisory vdb entry
http://www.securitytracker.com/id?1023274 third party advisory vdb entry
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html third party advisory vendor advisory
http://secunia.com/advisories/39242 third party advisory
https://kb.bluecoat.com/index?page=content&id=SA50 third party advisory
http://secunia.com/advisories/38241 third party advisory
http://secunia.com/advisories/42377 third party advisory
http://security.gentoo.org/glsa/glsa-201203-22.xml third party advisory vendor advisory
http://www.openwall.com/lists/oss-security/2009/11/05/3 third party advisory mailing list
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html third party advisory vendor advisory
http://osvdb.org/60972 vdb entry broken link
http://www.securitytracker.com/id?1023426 third party advisory vdb entry
http://secunia.com/advisories/38484 third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 vendor advisory broken link
http://www.betanews.com/article/1257452450 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 vendor advisory broken link
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html third party advisory
http://www.securityfocus.com/archive/1/516397/100/0/threaded mailing list third party advisory vdb entry
http://openbsd.org/errata46.html#004_openssl third party advisory vendor advisory
http://secunia.com/advisories/41967 third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0807.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/1191 third party advisory vdb entry
http://seclists.org/fulldisclosure/2009/Nov/139 third party advisory mailing list
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html third party advisory
http://www.openwall.com/lists/oss-security/2009/11/05/5 third party advisory mailing list
http://secunia.com/advisories/39713 third party advisory
http://secunia.com/advisories/42733 third party advisory
http://secunia.com/advisories/37291 third party advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html third party advisory vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/2745 third party advisory vdb entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 vendor advisory broken link
http://www.vupen.com/english/advisories/2010/0994 third party advisory vdb entry
http://www.vupen.com/english/advisories/2010/0173 third party advisory vdb entry
http://www.vupen.com/english/advisories/2010/1054 third party advisory vdb entry
http://osvdb.org/65202 vdb entry broken link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 vendor advisory broken link
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html third party advisory vendor advisory
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html third party advisory mailing list
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html broken link mailing list
http://clicky.me/tlsvuln third party advisory exploit
http://secunia.com/advisories/42811 third party advisory
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E mailing list
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E mailing list
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E mailing list
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E mailing list

Frequently Asked Questions

What is the severity of CVE-2009-3555?
CVE-2009-3555 has been scored as a medium severity vulnerability.
How to fix CVE-2009-3555?
To fix CVE-2009-3555, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.
Is CVE-2009-3555 being actively exploited in the wild?
Based on public information, it is possible that CVE-2009-3555 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.