Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2009-3555
Last Modified: 13 May 2015 09:59:21
Published: 09 Nov 2009 12:30:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-3555

Summary

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Vulnerable Systems

Application

  • Apache Http Server 0.8.11

  • Apache Http Server 0.8.14

  • Apache Http Server 1.0

  • Apache Http Server 1.0.2

  • Apache Http Server 1.0.3

  • Apache Http Server 1.0.5

  • Apache Http Server 1.1.1

  • Apache Http Server 1.2

  • Apache Http Server 1.2.4

  • Apache Http Server 1.2.5

  • Apache Http Server 1.2.6

  • Apache Http Server 1.3

  • Apache Http Server 1.3.0

  • Apache Http Server 1.3.1.1

  • Apache Http Server 1.3.11

  • Apache Http Server 1.3.12

  • Apache Http Server 1.3.13

  • Apache Http Server 1.3.14

  • Apache Http Server 1.3.15

  • Apache Http Server 1.3.16

  • Apache Http Server 1.3.17

  • Apache Http Server 1.3.18

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.2

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26

  • Apache Http Server 1.3.27

  • Apache Http Server 1.3.28

  • Apache Http Server 1.3.29

  • Apache Http Server 1.3.3

  • Apache Http Server 1.3.30

  • Apache Http Server 1.3.31

  • Apache Http Server 1.3.32

  • Apache Http Server 1.3.33

  • Apache Http Server 1.3.34

  • Apache Http Server 1.3.35

  • Apache Http Server 1.3.36

  • Apache Http Server 1.3.37

  • Apache Http Server 1.3.38

  • Apache Http Server 1.3.39

  • Apache Http Server 1.3.4

  • Apache Http Server 1.3.5

  • Apache Http Server 1.3.6

  • Apache Http Server 1.3.65

  • Apache Http Server 1.3.68

  • Apache Http Server 1.3.7

  • Apache Http Server 1.3.8

  • Apache Http Server 1.3.9

  • Apache Http Server 1.4.0

  • Apache Http Server 1.99

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.34

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.56

  • Apache Http Server 2.0.57

  • Apache Http Server 2.0.58

  • Apache Http Server 2.0.59

  • Apache Http Server 2.0.60

  • Apache Http Server 2.0.61

  • Apache Http Server 2.0.63

  • Apache Http Server 2.0.9

  • Apache Http Server 2.1.1

  • Apache Http Server 2.1.2

  • Apache Http Server 2.1.3

  • Apache Http Server 2.1.4

  • Apache Http Server 2.1.5

  • Apache Http Server 2.1.6

  • Apache Http Server 2.1.7

  • Apache Http Server 2.1.8

  • Apache Http Server 2.1.9

  • Apache Http Server 2.2

  • Apache Http Server 2.2.0

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.10

  • Apache Http Server 2.2.11

  • Apache Http Server 2.2.12

  • Apache Http Server 2.2.13

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.5

  • Apache Http Server 2.2.6

  • Apache Http Server 2.2.7

  • Apache Http Server 2.2.8

  • Gnutls 1.0.16

  • Gnutls 1.0.17

  • Gnutls 1.0.18

  • Gnutls 1.0.19

  • Gnutls 1.0.20

  • Gnutls 1.0.21

  • Gnutls 1.0.22

  • Gnutls 1.0.23

  • Gnutls 1.0.24

  • Gnutls 1.0.25

  • Gnutls 1.1.13

  • Gnutls 1.1.14

  • Gnutls 1.1.15

  • Gnutls 1.1.16

  • Gnutls 1.1.17

  • Gnutls 1.1.18

  • Gnutls 1.1.19

  • Gnutls 1.1.20

  • Gnutls 1.1.21

  • Gnutls 1.1.22

  • Gnutls 1.1.23

  • Gnutls 1.2.0

  • Gnutls 1.2.1

  • Gnutls 1.2.10

  • Gnutls 1.2.11

  • Gnutls 1.2.2

  • Gnutls 1.2.3

  • Gnutls 1.2.4

  • Gnutls 1.2.5

  • Gnutls 1.2.6

  • Gnutls 1.2.7

  • Gnutls 1.2.8

  • Gnutls 1.2.8.1a1

  • Gnutls 1.2.9

  • Gnutls 1.3.0

  • Gnutls 1.3.1

  • Gnutls 1.3.2

  • Gnutls 1.3.3

  • Gnutls 1.3.4

  • Gnutls 1.3.5

  • Gnutls 1.4.0

  • Gnutls 1.4.1

  • Gnutls 1.4.2

  • Gnutls 1.4.3

  • Gnutls 1.4.4

  • Gnutls 1.4.5

  • Gnutls 1.5.0

  • Gnutls 1.5.1

  • Gnutls 1.5.2

  • Gnutls 1.5.3

  • Gnutls 1.5.4

  • Gnutls 1.5.5

  • Gnutls 1.6.0

  • Gnutls 1.6.1

  • Gnutls 1.6.2

  • Gnutls 1.6.3

  • Gnutls 1.7.0

  • Gnutls 1.7.1

  • Gnutls 1.7.10

  • Gnutls 1.7.11

  • Gnutls 1.7.12

  • Gnutls 1.7.13

  • Gnutls 1.7.14

  • Gnutls 1.7.15

  • Gnutls 1.7.16

  • Gnutls 1.7.17

  • Gnutls 1.7.18

  • Gnutls 1.7.19

  • Gnutls 1.7.2

  • Gnutls 1.7.3

  • Gnutls 1.7.4

  • Gnutls 1.7.5

  • Gnutls 1.7.6

  • Gnutls 1.7.7

  • Gnutls 1.7.8

  • Gnutls 1.7.9

  • Gnutls 2.0.0

  • Gnutls 2.0.1

  • Gnutls 2.0.2

  • Gnutls 2.0.3

  • Gnutls 2.0.4

  • Gnutls 2.1.0

  • Gnutls 2.1.1

  • Gnutls 2.1.2

  • Gnutls 2.1.3

  • Gnutls 2.1.4

  • Gnutls 2.1.5

  • Gnutls 2.1.6

  • Gnutls 2.1.7

  • Gnutls 2.1.8

  • Gnutls 2.2.0

  • Gnutls 2.2.1

  • Gnutls 2.2.2

  • Gnutls 2.2.3

  • Gnutls 2.2.4

  • Gnutls 2.2.5

  • Gnutls 2.3.0

  • Gnutls 2.3.1

  • Gnutls 2.3.10

  • Gnutls 2.3.11

  • Gnutls 2.3.2

  • Gnutls 2.3.3

  • Gnutls 2.3.4

  • Gnutls 2.3.5

  • Gnutls 2.3.6

  • Gnutls 2.3.7

  • Gnutls 2.3.8

  • Gnutls 2.3.9

  • Gnutls 2.4.0

  • Gnutls 2.4.1

  • Gnutls 2.4.2

  • Gnutls 2.5.0

  • Gnutls 2.6.0

  • Gnutls 2.6.1

  • Gnutls 2.6.2

  • Gnutls 2.6.3

  • Gnutls 2.6.4

  • Gnutls 2.6.5

  • Gnutls 2.6.6

  • Gnutls 2.8.0

  • Gnutls 2.8.1

  • Microsoft Iis 7.0

  • Mozilla Nss 3.0

  • Mozilla Nss 3.10

  • Mozilla Nss 3.11.2

  • Mozilla Nss 3.11.4

  • Mozilla Nss 3.11.7

  • Mozilla Nss 3.11.8

  • Mozilla Nss 3.12

  • Mozilla Nss 3.12.1

  • Mozilla Nss 3.12.2

  • Mozilla Nss 3.2

  • Mozilla Nss 3.2.1

  • Mozilla Nss 3.3

  • Mozilla Nss 3.3.1

  • Mozilla Nss 3.3.2

  • Mozilla Nss 3.4

  • Mozilla Nss 3.4.1

  • Mozilla Nss 3.4.2

  • Mozilla Nss 3.4.3

  • Mozilla Nss 3.5

  • Mozilla Nss 3.6

  • Mozilla Nss 3.6.1

  • Mozilla Nss 3.7

  • Mozilla Nss 3.7.1

  • Mozilla Nss 3.7.2

  • Mozilla Nss 3.7.3

  • Mozilla Nss 3.7.5

  • Mozilla Nss 3.7.7

  • Mozilla Nss 3.8

  • Mozilla Nss 3.9

  • Mozilla Nss 3.9.5

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.3a

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.7m

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl 1.0


References

CERT - TA10-287A

CERT - TA10-222A

CERT-VN - VU#120541

BID - 36935

FEDORA - FEDORA-2009-12229

FEDORA - FEDORA-2009-12305

FEDORA - FEDORA-2009-12606

FEDORA - FEDORA-2009-12604

FEDORA - FEDORA-2009-12968

FEDORA - FEDORA-2009-12782

FEDORA - FEDORA-2009-12775

FEDORA - FEDORA-2009-12750

MISC - https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

MISC - https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

CONFIRM - https://kb.bluecoat.com/index?page=content&id=SA50

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=533125

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=545755

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=526689

XF - tls-renegotiation-weak-security(54158)

VUPEN - ADV-2011-0086

VUPEN - ADV-2011-0033

VUPEN - ADV-2011-0032

VUPEN - ADV-2010-3126

VUPEN - ADV-2010-3086

VUPEN - ADV-2010-3069

VUPEN - ADV-2010-2745

VUPEN - ADV-2010-2010

VUPEN - ADV-2010-1793

VUPEN - ADV-2010-1673

VUPEN - ADV-2010-1639

VUPEN - ADV-2010-1350

VUPEN - ADV-2010-1191

VUPEN - ADV-2010-1107

VUPEN - ADV-2010-1054

VUPEN - ADV-2010-0994

VUPEN - ADV-2010-0982

VUPEN - ADV-2010-0933

VUPEN - ADV-2010-0916

VUPEN - ADV-2010-0848

VUPEN - ADV-2010-0748

VUPEN - ADV-2010-0173

VUPEN - ADV-2010-0086

VUPEN - ADV-2009-3587

VUPEN - ADV-2009-3521

VUPEN - ADV-2009-3484

VUPEN - ADV-2009-3354

VUPEN - ADV-2009-3353

VUPEN - ADV-2009-3313

VUPEN - ADV-2009-3310

VUPEN - ADV-2009-3220

VUPEN - ADV-2009-3205

VUPEN - ADV-2009-3165

VUPEN - ADV-2009-3164

CONFIRM - http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2010-0019.html

UBUNTU - USN-927-5

UBUNTU - USN-927-4

UBUNTU - USN-927-1

UBUNTU - USN-1010-1

MISC - http://www.tombom.co.uk/blog/?p=85

SECTRACK - 1024789

SECTRACK - 1023428

SECTRACK - 1023427

SECTRACK - 1023426

SECTRACK - 1023411

SECTRACK - 1023275

SECTRACK - 1023274

SECTRACK - 1023273

SECTRACK - 1023272

SECTRACK - 1023271

SECTRACK - 1023270

SECTRACK - 1023243

SECTRACK - 1023224

SECTRACK - 1023219

SECTRACK - 1023218

SECTRACK - 1023217

SECTRACK - 1023216

SECTRACK - 1023215

SECTRACK - 1023214

SECTRACK - 1023213

SECTRACK - 1023212

SECTRACK - 1023211

SECTRACK - 1023210

SECTRACK - 1023209

SECTRACK - 1023208

SECTRACK - 1023207

SECTRACK - 1023206

SECTRACK - 1023205

SECTRACK - 1023204

SECTRACK - 1023163

BUGTRAQ - 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

BUGTRAQ - 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console

BUGTRAQ - 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

BUGTRAQ - 20091124 rPSA-2009-0155-1 httpd mod_ssl

BUGTRAQ - 20091118 TLS / SSLv3 vulnerability explained (DRAFT)

MISC - http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

REDHAT - RHSA-2011:0880

REDHAT - RHSA-2010:0987

REDHAT - RHSA-2010:0986

REDHAT - RHSA-2010:0865

REDHAT - RHSA-2010:0807

REDHAT - RHSA-2010:0786

REDHAT - RHSA-2010:0770

REDHAT - RHSA-2010:0768

REDHAT - RHSA-2010:0339

REDHAT - RHSA-2010:0338

REDHAT - RHSA-2010:0337

REDHAT - RHSA-2010:0167

REDHAT - RHSA-2010:0165

REDHAT - RHSA-2010:0155

REDHAT - RHSA-2010:0130

REDHAT - RHSA-2010:0119

CONFIRM - http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

CONFIRM - http://www.opera.com/support/search/view/944/

CONFIRM - http://www.opera.com/docs/changelogs/unix/1060/

MLIST - [oss-security] 20091123 Re: CVEs for nginx

MLIST - [oss-security] 20091120 CVEs for nginx

MLIST - [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks

MLIST - [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks

MLIST - [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks

MLIST - [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks

CONFIRM - http://www.openoffice.org/security/cves/CVE-2009-3555.html

CONFIRM - http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

MS - MS10-049

MANDRIVA - MDVSA-2010:089

MANDRIVA - MDVSA-2010:084

MANDRIVA - MDVSA-2010:076

MISC - http://www.links.org/?p=789

MISC - http://www.links.org/?p=786

MISC - http://www.links.org/?p=780

HP - SSRT100219

CONFIRM - http://www.ingate.com/Relnote.php?ver=481

MLIST - [tls] 20091104 TLS renegotiation issue

MLIST - [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation

CONFIRM - http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

MISC - http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

DEBIAN - DSA-2141

DEBIAN - DSA-1934

CISCO - 20091109 Transport Layer Security Renegotiation Vulnerability

MISC - http://www.betanews.com/article/1257452450

CONFIRM - http://www.arubanetworks.com/support/alerts/aid-020810.txt

AIXAPAR - PM00675

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg24025312

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg24006386

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21432298

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21426108

AIXAPAR - PM12247

AIXAPAR - IC68055

AIXAPAR - IC68054

AIXAPAR - IC67848

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0155

UBUNTU - USN-923-1

CONFIRM - http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

CONFIRM - http://sysoev.ru/nginx/patch.cve-2009-3555.txt

CONFIRM - http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

CONFIRM - http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES

CONFIRM - http://support.citrix.com/article/CTX123359

CONFIRM - http://support.avaya.com/css/P8/documents/100114327

CONFIRM - http://support.avaya.com/css/P8/documents/100114315

CONFIRM - http://support.avaya.com/css/P8/documents/100081611

CONFIRM - http://support.avaya.com/css/P8/documents/100070150

CONFIRM - http://support.apple.com/kb/HT4171

CONFIRM - http://support.apple.com/kb/HT4170

CONFIRM - http://support.apple.com/kb/HT4004

SUNALERT - 1021752

SUNALERT - 1021653

SUNALERT - 274990

SUNALERT - 273029

SUNALERT - 273350

SLACKWARE - SSA:2009-320-01

SECTRACK - 1023148

GENTOO - GLSA-200912-01

SECUNIA - 44954

SECUNIA - 44183

SECUNIA - 43308

SECUNIA - 42816

SECUNIA - 42811

SECUNIA - 42808

SECUNIA - 42733

SECUNIA - 42724

SECUNIA - 42467

SECUNIA - 42379

SECUNIA - 42377

SECUNIA - 41972

SECUNIA - 41967

SECUNIA - 41490

SECUNIA - 41480

SECUNIA - 40866

SECUNIA - 40747

SECUNIA - 40545

SECUNIA - 40070

SECUNIA - 39819

SECUNIA - 39713

SECUNIA - 39632

SECUNIA - 39628

SECUNIA - 39500

SECUNIA - 39461

SECUNIA - 39317

SECUNIA - 39292

SECUNIA - 39278

SECUNIA - 39243

SECUNIA - 39242

SECUNIA - 39136

SECUNIA - 39127

SECUNIA - 38781

SECUNIA - 38687

SECUNIA - 38484

SECUNIA - 38241

SECUNIA - 38056

SECUNIA - 38020

SECUNIA - 38003

SECUNIA - 37859

SECUNIA - 37675

SECUNIA - 37656

SECUNIA - 37640

SECUNIA - 37604

SECUNIA - 37504

SECUNIA - 37501

SECUNIA - 37453

SECUNIA - 37399

SECUNIA - 37383

SECUNIA - 37320

SECUNIA - 37292

SECUNIA - 37291

FULLDISC - 20091111 Re: SSL/TLS MiTM PoC

OSVDB - 65202

OSVDB - 62210

OSVDB - 60972

OSVDB - 60521

OPENBSD - [4.6] 004: SECURITY FIX: November 26, 2009

OPENBSD - [4.5] 010: SECURITY FIX: November 26, 2009

MLIST - [cryptography] 20091105 OpenSSL 0.9.8l released

HP - SSRT100613

HP - HPSBHF02706

HP - SSRT090208

HP - HPSBOV02683

HP - SSRT090180

MLIST - [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation

SUSE - SUSE-SU-2011:0847

SUSE - openSUSE-SU-2011:0845

SUSE - SUSE-SR:2010:024

SUSE - SUSE-SA:2010:061

SUSE - SUSE-SR:2010:019

SUSE - SUSE-SR:2010:013

SUSE - SUSE-SR:2010:012

SUSE - SUSE-SR:2010:011

SUSE - SUSE-SR:2010:008

SUSE - SUSE-SA:2009:057

MLIST - [gnutls-devel] 20091105 Re: TLS renegotiation MITM

FEDORA - FEDORA-2010-16240

FEDORA - FEDORA-2010-16294

FEDORA - FEDORA-2010-16312

FEDORA - FEDORA-2010-6131

FEDORA - FEDORA-2010-5942

FEDORA - FEDORA-2010-5357

APPLE - APPLE-SA-2010-01-19-1

APPLE - APPLE-SA-2010-05-18-2

APPLE - APPLE-SA-2010-05-18-1

CONFIRM - http://kbase.redhat.com/faq/docs/DOC-20491

HP - HPSBMA02547

HP - HPSBGN02562

HP - HPSBUX02482

MISC - http://extendedsubset.com/Renegotiating_TLS.pdf

MISC - http://extendedsubset.com/?p=8

MISC - http://clicky.me/tlsvuln

CONFIRM - http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

MISC - http://blogs.iss.net/archive/sslmitmiscsrf.html

MISC - http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

MISC - http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

HP - SSRT100817

HP - HPSBMU02759

GENTOO - GLSA-201203-22

SECUNIA - 48577

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

HP - HPSBMA02568

HP - HPSBMA02534

HP - SSRT100179

HP - SSRT090249

BUGTRAQ - 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities

GENTOO - GLSA-201406-32

CONFIRM - http://www.openssl.org/news/secadv_20091111.txt

SECUNIA - 41818

HP - SSRT101846

DEBIAN - DSA-3253

Related Patches

Apple 2010-10-20 Java for Mac OS X 10.6 Update 3

Apple 2010-10-20 Java for Mac OS X 10.5 Update 8

Sun Java JRE 1.6.0_22 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2009:6656 compat-openssl097g security update for SLE 10 SP2 i586

Novell SUSE 2009:6657 compat-openssl097g security update for SLE 10 SP3 i586

Novell SUSE 2009:6657 compat-openssl097g security update for SLE 10 SP3 x86_64

Novell SUSE 2010:6943 openssl security update for SLE 10 SP2 i586

Novell SUSE 2010:6970 MozillaFirefox security update for SLE 10 SP2 i586

Novell SUSE 2010:6971 mozilla-xulrunner190 security update for SLE 10 SP3 i586

Novell SUSE 2010:6976 mozilla-xulrunner190 security update for SLE 10 SP2 i586

Novell SUSE 2010:6977 mozilla-nspr security update for SLE 10 SP2 i586

Novell SUSE 2010:6978 mozilla-nss security update for SLE 10 SP3 i586

Novell SUSE 2011:7299 gnutls security update for SLE 10 SP3 i586

Novell SUSE 2011:7645 compat-openssl097g security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:56