MEDIUM · 5.8

CVE-2009-3555

Vulnerability Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

CVSS Score

5.8

MEDIUM

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor          Product         Versions
Apache          Http Server     <= 2.2.14
Gnu             Gnutls          <= 2.8.5
Mozilla         Nss             <= 3.12.4
Openssl         Openssl         <= 0.9.8k
Canonical       Ubuntu Linux    8.04
Debian          Debian Linux    4.0
Fedoraproject   Fedora          11
F5              Nginx           >= 0.1.0, <= 0.8.22

Related Weaknesses (CWE)

References

FAQ

What is CVE-2009-3555?

CVE-2009-3555 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9....

How severe is CVE-2009-3555?

CVE-2009-3555 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3555?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Gnu Gnutls, Mozilla Nss, Openssl Openssl, Canonical Ubuntu Linux.