CVE		CVE-2009-3555
Status		Candidate
Description		The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Severity		Medium
CVSS score		5,8
CVSS vector		(AV:N/AC:M/Au:N/C:N/I:P/A:P)
Phase		Assigned (16.12.2011)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
References		AIXAPAR : IC67848
		AIXAPAR : IC68054
		AIXAPAR : IC68055
		AIXAPAR : PM00675
		AIXAPAR : PM12247
		APPLE : APPLE-SA-2010-01-19-1
		APPLE : APPLE-SA-2010-05-18-1
		APPLE : APPLE-SA-2010-05-18-2
		BID : 36935
		BUGTRAQ : 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
		BUGTRAQ : 20091124 rPSA-2009-0155-1 httpd mod_ssl
		BUGTRAQ : 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
		CERT-VN : VU#120541
		CERT : TA10-222A
		CISCO : 20091109 Transport Layer Security Renegotiation Vulnerability
		CONFIRM : http://blogs.sun.com/security/entry/vulnerability_...
		CONFIRM : http://kbase.redhat.com/faq/docs/DOC-20491
		CONFIRM : http://support.apple.com/kb/HT4004
		CONFIRM : http://support.apple.com/kb/HT4170
		CONFIRM : http://support.apple.com/kb/HT4171
		CONFIRM : http://support.avaya.com/css/P8/documents/100070150
		CONFIRM : http://support.avaya.com/css/P8/documents/100081611
		CONFIRM : http://support.citrix.com/article/CTX123359
		CONFIRM : http://support.zeus.com/zws/media/docs/4.3/RELEASE...
		CONFIRM : http://support.zeus.com/zws/news/2010/01/13/zws_4_...
		CONFIRM : http://sysoev.ru/nginx/patch.cve-2009-3555.txt
		CONFIRM : http://tomcat.apache.org/native-doc/miscellaneous/...
		CONFIRM : http://wiki.rpath.com/Advisories:rPSA-2009-0155
		CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
		CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
		CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
		CONFIRM : http://www.arubanetworks.com/support/alerts/aid-02...
		CONFIRM : http://www.ingate.com/Relnote.php?ver=481
		CONFIRM : http://www.mozilla.org/security/announce/2010/mfsa...
		CONFIRM : http://www.openoffice.org/security/cves/CVE-2009-3...
		CONFIRM : http://www.opera.com/docs/changelogs/unix/1060/
		CONFIRM : http://www.opera.com/support/search/view/944/
		CONFIRM : http://www.oracle.com/technology/deploy/security/c...
		CONFIRM : http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
		CONFIRM : https://bugzilla.mozilla.org/show_bug.cgi?id=545755
		CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=533125
		DEBIAN : DSA-1934
		FEDORA : FEDORA-2009-12229
		FEDORA : FEDORA-2009-12305
		FEDORA : FEDORA-2009-12604
		FEDORA : FEDORA-2009-12606
		FEDORA : FEDORA-2009-12750
		FEDORA : FEDORA-2009-12775
		FEDORA : FEDORA-2009-12782
		FEDORA : FEDORA-2009-12968
		FEDORA : FEDORA-2010-5357
		FEDORA : FEDORA-2010-5942
		FEDORA : FEDORA-2010-6131
		FULLDISC : 20091111 Re: SSL/TLS MiTM PoC
		GENTOO : GLSA-200912-01
		HP : HPSBGN02562
		HP : HPSBMA02534
		HP : HPSBMA02547
		HP : HPSBMA02568
		HP : HPSBUX02482
		HP : SSRT090180
		HP : SSRT090249
		HP : SSRT100179
		HP : SSRT100219
		MANDRIVA : MDVSA-2010:076
		MANDRIVA : MDVSA-2010:084
		MANDRIVA : MDVSA-2010:089
		MISC : http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiati...
		MISC : http://blogs.iss.net/archive/sslmitmiscsrf.html
		MISC : http://clicky.me/tlsvuln
		MISC : http://extendedsubset.com/?p=8
		MISC : http://extendedsubset.com/Renegotiating_TLS.pdf
		MISC : http://www.betanews.com/article/1257452450
		MISC : http://www.educatedguesswork.org/2009/11/understan...
		MISC : http://www.links.org/?p=780
		MISC : http://www.links.org/?p=786
		MISC : http://www.links.org/?p=789
		MISC : http://www.securegoose.org/2009/11/tls-renegotiati...
		MISC : http://www.tombom.co.uk/blog/?p=85
		MISC : https://bugzilla.mozilla.org/show_bug.cgi?id=526689
		MISC : https://support.f5.com/kb/en-us/solutions/public/1...
		MISC : https://svn.resiprocate.org/rep/ietf-drafts/ekr/dr...
		MLIST : [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
		MLIST : [cryptography] 20091105 OpenSSL 0.9.8l released
		MLIST : [gnutls-devel] 20091105 Re: TLS renegotiation MITM
		MLIST : [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
		MLIST : [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
		MLIST : [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
		MLIST : [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
		MLIST : [oss-security] 20091120 CVEs for nginx
		MLIST : [oss-security] 20091123 Re: CVEs for nginx
		MLIST : [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
		MLIST : [tls] 20091104 TLS renegotiation issue
		MS : MS10-049
		OPENBSD : [4.5] 010: SECURITY FIX: November 26, 2009
		OPENBSD : [4.6] 004: SECURITY FIX: November 26, 2009
		OSVDB : 60521
		OSVDB : 60972
		OSVDB : 62210
		OSVDB : 65202
		OVAL : oval:org.mitre.oval:def:10088
		OVAL : oval:org.mitre.oval:def:11578
		OVAL : oval:org.mitre.oval:def:7315
		OVAL : oval:org.mitre.oval:def:7973
		OVAL : oval:org.mitre.oval:def:8366
		OVAL : oval:org.mitre.oval:def:8535
		REDHAT : RHSA-2010:0119
		REDHAT : RHSA-2010:0130
		REDHAT : RHSA-2010:0155
		REDHAT : RHSA-2010:0165
		REDHAT : RHSA-2010:0167
		REDHAT : RHSA-2010:0337
		REDHAT : RHSA-2010:0338
		REDHAT : RHSA-2010:0339
		SECTRACK : 1023148
		SECTRACK : 1023163
		SECTRACK : 1023204
		SECTRACK : 1023205
		SECTRACK : 1023206
		SECTRACK : 1023207
		SECTRACK : 1023208
		SECTRACK : 1023209
		SECTRACK : 1023210
		SECTRACK : 1023211
		SECTRACK : 1023212
		SECTRACK : 1023213
		SECTRACK : 1023214
		SECTRACK : 1023215
		SECTRACK : 1023216
		SECTRACK : 1023217
		SECTRACK : 1023218
		SECTRACK : 1023219
		SECTRACK : 1023224
		SECTRACK : 1023243
		SECTRACK : 1023270
		SECTRACK : 1023271
		SECTRACK : 1023272
		SECTRACK : 1023273
		SECTRACK : 1023274
		SECTRACK : 1023275
		SECTRACK : 1023411
		SECTRACK : 1023426
		SECTRACK : 1023427
		SECTRACK : 1023428
		SECUNIA : 37291
		SECUNIA : 37292
		SECUNIA : 37320
		SECUNIA : 37383
		SECUNIA : 37399
		SECUNIA : 37453
		SECUNIA : 37501
		SECUNIA : 37504
		SECUNIA : 37604
		SECUNIA : 37640
		SECUNIA : 37656
		SECUNIA : 37675
		SECUNIA : 37859
		SECUNIA : 38003
		SECUNIA : 38020
		SECUNIA : 38056
		SECUNIA : 38241
		SECUNIA : 38484
		SECUNIA : 38687
		SECUNIA : 38781
		SECUNIA : 39127
		SECUNIA : 39136
		SECUNIA : 39242
		SECUNIA : 39243
		SECUNIA : 39278
		SECUNIA : 39292
		SECUNIA : 39317
		SECUNIA : 39461
		SECUNIA : 39500
		SECUNIA : 39628
		SECUNIA : 39632
		SECUNIA : 39713
		SECUNIA : 39819
		SECUNIA : 40070
		SECUNIA : 40545
		SECUNIA : 40747
		SECUNIA : 40866
		SECUNIA : 41480
		SECUNIA : 41490
		SLACKWARE : SSA:2009-320-01
		SUNALERT : 1021653
		SUNALERT : 1021752
		SUNALERT : 273029
		SUNALERT : 273350
		SUNALERT : 274990
		SUSE : SUSE-SA:2009:057
		SUSE : SUSE-SR:2010:008
		SUSE : SUSE-SR:2010:011
		SUSE : SUSE-SR:2010:012
		SUSE : SUSE-SR:2010:013
		UBUNTU : USN-923-1
		UBUNTU : USN-927-1
		UBUNTU : USN-927-4
		UBUNTU : USN-927-5
		VUPEN : ADV-2009-3164
		VUPEN : ADV-2009-3165
		VUPEN : ADV-2009-3205
		VUPEN : ADV-2009-3220
		VUPEN : ADV-2009-3310
		VUPEN : ADV-2009-3313
		VUPEN : ADV-2009-3353
		VUPEN : ADV-2009-3354
		VUPEN : ADV-2009-3484
		VUPEN : ADV-2009-3521
		VUPEN : ADV-2009-3587
		VUPEN : ADV-2010-0086
		VUPEN : ADV-2010-0173
		VUPEN : ADV-2010-0748
		VUPEN : ADV-2010-0848
		VUPEN : ADV-2010-0916
		VUPEN : ADV-2010-0933
		VUPEN : ADV-2010-0982
		VUPEN : ADV-2010-0994
		VUPEN : ADV-2010-1054
		VUPEN : ADV-2010-1107
		VUPEN : ADV-2010-1191
		VUPEN : ADV-2010-1350
		VUPEN : ADV-2010-1639
		VUPEN : ADV-2010-1673
		VUPEN : ADV-2010-1793
		VUPEN : ADV-2010-2010
		VUPEN : ADV-2010-2745
		XF : tls-renegotiation-weak-security(54158)
SecurityVulns:		Microsoft Windows Schannel memory corruption
		SSL data injection
		Многочисленные уязвимости в Mozilla Firefox / Seamonkey multiple security vulnerabilities
		HP System Management Homepage multiple security vulnerabilities
		Oracle / Sun applications multiple security vulneraebilities
		Oracle / Sun / Peoplesoft applications multiple security vulnerabilities
		Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
		Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
		Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities