Vulnerability CVE-2009-3555


Published: 2009-11-09   Modified: 2012-02-13

Description:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Aapache/mod_ssl vulnerability and mitigation
Apache team
11.11.2009
Low
RSA Data Protection Manager Appliance XSS / TLS Renegotiation
RSA
23.11.2013

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Openssl -> Openssl 
Mozilla -> NSS 
Microsoft -> IIS 
Microsoft -> Internet information server 
GNU -> Gnutls 
Fedoraproject -> Fedora 
Debian -> Debian linux 
Canonical -> Ubuntu linux 
Apache -> Http server 

 References:
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
http://clicky.me/tlsvuln
http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://kbase.redhat.com/faq/docs/DOC-20491
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
http://marc.info/?l=bugtraq&m=126150535619567&w=2
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://marc.info/?l=bugtraq&m=127419602507642&w=2
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=132077688910227&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=cryptography&m=125752275331877&w=2
http://openbsd.org/errata45.html#010_openssl
http://openbsd.org/errata46.html#004_openssl
http://seclists.org/fulldisclosure/2009/Nov/139
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://security.gentoo.org/glsa/glsa-201203-22.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://securitytracker.com/id?1023148
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
http://support.apple.com/kb/HT4004
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://support.avaya.com/css/P8/documents/100070150
http://support.avaya.com/css/P8/documents/100081611
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100114327
http://support.citrix.com/article/CTX123359
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
http://sysoev.ru/nginx/patch.cve-2009-3555.txt
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
http://ubuntu.com/usn/usn-923-1
http://wiki.rpath.com/Advisories:rPSA-2009-0155
http://www.arubanetworks.com/support/alerts/aid-020810.txt
http://www.betanews.com/article/1257452450
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
http://www.debian.org/security/2009/dsa-1934
http://www.debian.org/security/2011/dsa-2141
http://www.debian.org/security/2015/dsa-3253
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.ingate.com/Relnote.php?ver=481
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://www.kb.cert.org/vuls/id/120541
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openssl.org/news/secadv_20091111.txt
http://www.openwall.com/lists/oss-security/2009/11/05/3
http://www.openwall.com/lists/oss-security/2009/11/05/5
http://www.openwall.com/lists/oss-security/2009/11/06/3
http://www.openwall.com/lists/oss-security/2009/11/07/3
http://www.openwall.com/lists/oss-security/2009/11/20/1
http://www.openwall.com/lists/oss-security/2009/11/23/10
http://www.opera.com/docs/changelogs/unix/1060/
http://www.opera.com/support/search/view/944/
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
http://www.redhat.com/support/errata/RHSA-2010-0119.html
http://www.redhat.com/support/errata/RHSA-2010-0130.html
http://www.redhat.com/support/errata/RHSA-2010-0155.html
http://www.redhat.com/support/errata/RHSA-2010-0165.html
http://www.redhat.com/support/errata/RHSA-2010-0167.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://www.redhat.com/support/errata/RHSA-2010-0339.html
http://www.redhat.com/support/errata/RHSA-2010-0768.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0786.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0865.html
http://www.redhat.com/support/errata/RHSA-2010-0986.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.securityfocus.com/archive/1/507952/100/0/threaded
http://www.securityfocus.com/archive/1/508075/100/0/threaded
http://www.securityfocus.com/archive/1/508130/100/0/threaded
http://www.securityfocus.com/archive/1/515055/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/archive/1/522176
http://www.securityfocus.com/bid/36935
http://www.securitytracker.com/id?1023163
http://www.securitytracker.com/id?1023204
http://www.securitytracker.com/id?1023205
http://www.securitytracker.com/id?1023206
http://www.securitytracker.com/id?1023207
http://www.securitytracker.com/id?1023208
http://www.securitytracker.com/id?1023209
http://www.securitytracker.com/id?1023210
http://www.securitytracker.com/id?1023211
http://www.securitytracker.com/id?1023212
http://www.securitytracker.com/id?1023213
http://www.securitytracker.com/id?1023214
http://www.securitytracker.com/id?1023215
http://www.securitytracker.com/id?1023216
http://www.securitytracker.com/id?1023217
http://www.securitytracker.com/id?1023218
http://www.securitytracker.com/id?1023219
http://www.securitytracker.com/id?1023224
http://www.securitytracker.com/id?1023243
http://www.securitytracker.com/id?1023270
http://www.securitytracker.com/id?1023271
http://www.securitytracker.com/id?1023272
http://www.securitytracker.com/id?1023273
http://www.securitytracker.com/id?1023274
http://www.securitytracker.com/id?1023275
http://www.securitytracker.com/id?1023411
http://www.securitytracker.com/id?1023426
http://www.securitytracker.com/id?1023427
http://www.securitytracker.com/id?1023428
http://www.securitytracker.com/id?1024789
http://www.tombom.co.uk/blog/?p=85
http://www.ubuntu.com/usn/USN-1010-1
http://www.ubuntu.com/usn/USN-927-1
http://www.ubuntu.com/usn/USN-927-4
http://www.ubuntu.com/usn/USN-927-5
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2009/3164
http://www.vupen.com/english/advisories/2009/3165
http://www.vupen.com/english/advisories/2009/3205
http://www.vupen.com/english/advisories/2009/3220
http://www.vupen.com/english/advisories/2009/3310
http://www.vupen.com/english/advisories/2009/3313
http://www.vupen.com/english/advisories/2009/3353
http://www.vupen.com/english/advisories/2009/3354
http://www.vupen.com/english/advisories/2009/3484
http://www.vupen.com/english/advisories/2009/3521
http://www.vupen.com/english/advisories/2009/3587
http://www.vupen.com/english/advisories/2010/0086
http://www.vupen.com/english/advisories/2010/0173
http://www.vupen.com/english/advisories/2010/0748
http://www.vupen.com/english/advisories/2010/0848
http://www.vupen.com/english/advisories/2010/0916
http://www.vupen.com/english/advisories/2010/0933
http://www.vupen.com/english/advisories/2010/0982
http://www.vupen.com/english/advisories/2010/0994
http://www.vupen.com/english/advisories/2010/1054
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1191
http://www.vupen.com/english/advisories/2010/1350
http://www.vupen.com/english/advisories/2010/1639
http://www.vupen.com/english/advisories/2010/1673
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2010/2010
http://www.vupen.com/english/advisories/2010/2745
http://www.vupen.com/english/advisories/2010/3069
http://www.vupen.com/english/advisories/2010/3086
http://www.vupen.com/english/advisories/2010/3126
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0033
http://www.vupen.com/english/advisories/2011/0086
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
http://www-01.ibm.com/support/docview.wss?uid=swg21432298
http://www-01.ibm.com/support/docview.wss?uid=swg24006386
http://www-01.ibm.com/support/docview.wss?uid=swg24025312
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://bugzilla.mozilla.org/show_bug.cgi?id=545755
https://bugzilla.redhat.com/show_bug.cgi?id=533125
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://kb.bluecoat.com/index?page=content&id=SA50
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html

Copyright 2024, cxsecurity.com

 

Back to Top