Vulnerability CVE-2009-3555

Vulnerability CVE-2009-3555

Published: 2009-11-09 Modified: 2012-02-13

Description:

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Aapache/mod_ssl vulnerability and mitigation	Apache team	11.11.2009
Low	RSA Data Protection Manager Appliance XSS / TLS Renegotiation	RSA	23.11.2013

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	Partial

Affected software
Openssl -> Openssl
Mozilla -> NSS
Microsoft -> IIS
Microsoft -> Internet information server
GNU -> Gnutls
Fedoraproject -> Fedora
Debian -> Debian linux
Canonical -> Ubuntu linux
Apache -> Http server

References:

http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

http://blogs.iss.net/archive/sslmitmiscsrf.html

http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

http://clicky.me/tlsvuln

http://extendedsubset.com/?p=8

http://extendedsubset.com/Renegotiating_TLS.pdf

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

http://kbase.redhat.com/faq/docs/DOC-20491

http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

http://marc.info/?l=bugtraq&m=126150535619567&w=2

http://marc.info/?l=bugtraq&m=127128920008563&w=2

http://marc.info/?l=bugtraq&m=127419602507642&w=2

http://marc.info/?l=bugtraq&m=127557596201693&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=132077688910227&w=2

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://marc.info/?l=cryptography&m=125752275331877&w=2

http://openbsd.org/errata45.html#010_openssl

http://openbsd.org/errata46.html#004_openssl

http://seclists.org/fulldisclosure/2009/Nov/139

http://security.gentoo.org/glsa/glsa-200912-01.xml

http://security.gentoo.org/glsa/glsa-201203-22.xml

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://securitytracker.com/id?1023148

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

http://support.apple.com/kb/HT4004

http://support.apple.com/kb/HT4170

http://support.apple.com/kb/HT4171

http://support.avaya.com/css/P8/documents/100070150

http://support.avaya.com/css/P8/documents/100081611

http://support.avaya.com/css/P8/documents/100114315

http://support.avaya.com/css/P8/documents/100114327

http://support.citrix.com/article/CTX123359

http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES

http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

http://sysoev.ru/nginx/patch.cve-2009-3555.txt

http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

http://ubuntu.com/usn/usn-923-1

http://wiki.rpath.com/Advisories:rPSA-2009-0155

http://www.arubanetworks.com/support/alerts/aid-020810.txt

http://www.betanews.com/article/1257452450

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

http://www.debian.org/security/2009/dsa-1934

http://www.debian.org/security/2011/dsa-2141

http://www.debian.org/security/2015/dsa-3253

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

http://www.ingate.com/Relnote.php?ver=481

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.kb.cert.org/vuls/id/120541

http://www.links.org/?p=780

http://www.links.org/?p=786

http://www.links.org/?p=789

http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://www.mandriva.com/security/advisories?name=MDVSA-2010:089

http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

http://www.openoffice.org/security/cves/CVE-2009-3555.html

http://www.openssl.org/news/secadv_20091111.txt

http://www.openwall.com/lists/oss-security/2009/11/05/3

http://www.openwall.com/lists/oss-security/2009/11/05/5

http://www.openwall.com/lists/oss-security/2009/11/06/3

http://www.openwall.com/lists/oss-security/2009/11/07/3

http://www.openwall.com/lists/oss-security/2009/11/20/1

http://www.openwall.com/lists/oss-security/2009/11/23/10

http://www.opera.com/docs/changelogs/unix/1060/

http://www.opera.com/support/search/view/944/

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

http://www.redhat.com/support/errata/RHSA-2010-0119.html

http://www.redhat.com/support/errata/RHSA-2010-0130.html

http://www.redhat.com/support/errata/RHSA-2010-0155.html

http://www.redhat.com/support/errata/RHSA-2010-0165.html

http://www.redhat.com/support/errata/RHSA-2010-0167.html

http://www.redhat.com/support/errata/RHSA-2010-0337.html

http://www.redhat.com/support/errata/RHSA-2010-0338.html

http://www.redhat.com/support/errata/RHSA-2010-0339.html

http://www.redhat.com/support/errata/RHSA-2010-0768.html

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://www.redhat.com/support/errata/RHSA-2010-0786.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://www.redhat.com/support/errata/RHSA-2010-0865.html

http://www.redhat.com/support/errata/RHSA-2010-0986.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

http://www.securityfocus.com/archive/1/507952/100/0/threaded

http://www.securityfocus.com/archive/1/508075/100/0/threaded

http://www.securityfocus.com/archive/1/508130/100/0/threaded

http://www.securityfocus.com/archive/1/515055/100/0/threaded

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/archive/1/522176

http://www.securityfocus.com/bid/36935

http://www.securitytracker.com/id?1023163

http://www.securitytracker.com/id?1023204

http://www.securitytracker.com/id?1023205

http://www.securitytracker.com/id?1023206

http://www.securitytracker.com/id?1023207

http://www.securitytracker.com/id?1023208

http://www.securitytracker.com/id?1023209

http://www.securitytracker.com/id?1023210

http://www.securitytracker.com/id?1023211

http://www.securitytracker.com/id?1023212

http://www.securitytracker.com/id?1023213

http://www.securitytracker.com/id?1023214

http://www.securitytracker.com/id?1023215

http://www.securitytracker.com/id?1023216

http://www.securitytracker.com/id?1023217

http://www.securitytracker.com/id?1023218

http://www.securitytracker.com/id?1023219

http://www.securitytracker.com/id?1023224

http://www.securitytracker.com/id?1023243

http://www.securitytracker.com/id?1023270

http://www.securitytracker.com/id?1023271

http://www.securitytracker.com/id?1023272

http://www.securitytracker.com/id?1023273

http://www.securitytracker.com/id?1023274

http://www.securitytracker.com/id?1023275

http://www.securitytracker.com/id?1023411

http://www.securitytracker.com/id?1023426

http://www.securitytracker.com/id?1023427

http://www.securitytracker.com/id?1023428

http://www.securitytracker.com/id?1024789

http://www.tombom.co.uk/blog/?p=85

http://www.ubuntu.com/usn/USN-1010-1

http://www.ubuntu.com/usn/USN-927-1

http://www.ubuntu.com/usn/USN-927-4

http://www.ubuntu.com/usn/USN-927-5

http://www.us-cert.gov/cas/techalerts/TA10-222A.html

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.vupen.com/english/advisories/2009/3164

http://www.vupen.com/english/advisories/2009/3165

http://www.vupen.com/english/advisories/2009/3205

http://www.vupen.com/english/advisories/2009/3220

http://www.vupen.com/english/advisories/2009/3310

http://www.vupen.com/english/advisories/2009/3313

http://www.vupen.com/english/advisories/2009/3353

http://www.vupen.com/english/advisories/2009/3354

http://www.vupen.com/english/advisories/2009/3484

http://www.vupen.com/english/advisories/2009/3521

http://www.vupen.com/english/advisories/2009/3587

http://www.vupen.com/english/advisories/2010/0086

http://www.vupen.com/english/advisories/2010/0173

http://www.vupen.com/english/advisories/2010/0748

http://www.vupen.com/english/advisories/2010/0848

http://www.vupen.com/english/advisories/2010/0916

http://www.vupen.com/english/advisories/2010/0933

http://www.vupen.com/english/advisories/2010/0982

http://www.vupen.com/english/advisories/2010/0994

http://www.vupen.com/english/advisories/2010/1054

http://www.vupen.com/english/advisories/2010/1107

http://www.vupen.com/english/advisories/2010/1191

http://www.vupen.com/english/advisories/2010/1350

http://www.vupen.com/english/advisories/2010/1639

http://www.vupen.com/english/advisories/2010/1673

http://www.vupen.com/english/advisories/2010/1793

http://www.vupen.com/english/advisories/2010/2010

http://www.vupen.com/english/advisories/2010/2745

http://www.vupen.com/english/advisories/2010/3069

http://www.vupen.com/english/advisories/2010/3086

http://www.vupen.com/english/advisories/2010/3126

http://www.vupen.com/english/advisories/2011/0032

http://www.vupen.com/english/advisories/2011/0033

http://www.vupen.com/english/advisories/2011/0086

http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054

http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

http://www-01.ibm.com/support/docview.wss?uid=swg24006386

http://www-01.ibm.com/support/docview.wss?uid=swg24025312

http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only

http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

https://bugzilla.mozilla.org/show_bug.cgi?id=526689

https://bugzilla.mozilla.org/show_bug.cgi?id=545755

https://bugzilla.redhat.com/show_bug.cgi?id=533125

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://kb.bluecoat.com/index?page=content&id=SA50

https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535

https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html

Vulnerability CVE-2009-3555

See advisories in our WLB2 database:

Med.

Aapache/mod_ssl vulnerability and mitigation

Low

RSA Data Protection Manager Appliance XSS / TLS Renegotiation

CWE-310

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

5.8/10

4.9/10

8.6/10

Remote

Medium

No required

None

Partial

Partial

Affected software

References: