Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3555

Опубликовано: 09 нояб. 2009
Источник: nvd
CVSS2: 5.8
EPSS Низкий

Описание

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия до 2.2.14 (включая)
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
Версия до 2.8.5 (включая)
cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
Версия до 3.12.4 (включая)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Версия до 0.9.8k (включая)
cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
Версия от 0.1.0 (включая) до 0.8.22 (включая)

EPSS

Процентиль: 88%
0.04027
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

ubuntu логотип

CVE-2009-3555

ubuntu
больше 15 лет назад

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

redhat логотип

CVE-2009-3555

redhat
больше 15 лет назад

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

debian логотип

CVE-2009-3555

debian
больше 15 лет назад

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...

github логотип

GHSA-f7w7-6pjc-wwm6

github
около 3 лет назад

Apache Tomcat affected by vulnerability in TLS and SSL protocol

oracle-oval логотип

ELSA-2010-0165

oracle-oval
около 15 лет назад

ELSA-2010-0165: nss security update (MODERATE)

EPSS

Процентиль: 88%
0.04027
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-295