CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
72.6%
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a “plaintext injection” attack, aka the “Project Mogul” issue.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | * | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
gnu | gnutls | * | cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* |
mozilla | nss | * | cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:* |
openssl | openssl | * | cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* |
openssl | openssl | 1.0 | cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:* |
canonical | ubuntu_linux | 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 8.10 | cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 9.04 | cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 9.10 | cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 10.04 | cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* |
archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
blogs.iss.net/archive/sslmitmiscsrf.html
blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
clicky.me/tlsvuln
extendedsubset.com/?p=8
extendedsubset.com/Renegotiating_TLS.pdf
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
kbase.redhat.com/faq/docs/DOC-20491
lists.apple.com/archives/security-announce/2010//May/msg00001.html
lists.apple.com/archives/security-announce/2010//May/msg00002.html
lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
marc.info/?l=bugtraq&m=126150535619567&w=2
marc.info/?l=bugtraq&m=127128920008563&w=2
marc.info/?l=bugtraq&m=127419602507642&w=2
marc.info/?l=bugtraq&m=127557596201693&w=2
marc.info/?l=bugtraq&m=130497311408250&w=2
marc.info/?l=bugtraq&m=132077688910227&w=2
marc.info/?l=bugtraq&m=133469267822771&w=2
marc.info/?l=bugtraq&m=134254866602253&w=2
marc.info/?l=bugtraq&m=142660345230545&w=2
marc.info/?l=cryptography&m=125752275331877&w=2
openbsd.org/errata45.html#010_openssl
openbsd.org/errata46.html#004_openssl
osvdb.org/60521
osvdb.org/60972
osvdb.org/62210
osvdb.org/65202
seclists.org/fulldisclosure/2009/Nov/139
secunia.com/advisories/37291
secunia.com/advisories/37292
secunia.com/advisories/37320
secunia.com/advisories/37383
secunia.com/advisories/37399
secunia.com/advisories/37453
secunia.com/advisories/37501
secunia.com/advisories/37504
secunia.com/advisories/37604
secunia.com/advisories/37640
secunia.com/advisories/37656
secunia.com/advisories/37675
secunia.com/advisories/37859
secunia.com/advisories/38003
secunia.com/advisories/38020
secunia.com/advisories/38056
secunia.com/advisories/38241
secunia.com/advisories/38484
secunia.com/advisories/38687
secunia.com/advisories/38781
secunia.com/advisories/39127
secunia.com/advisories/39136
secunia.com/advisories/39242
secunia.com/advisories/39243
secunia.com/advisories/39278
secunia.com/advisories/39292
secunia.com/advisories/39317
secunia.com/advisories/39461
secunia.com/advisories/39500
secunia.com/advisories/39628
secunia.com/advisories/39632
secunia.com/advisories/39713
secunia.com/advisories/39819
secunia.com/advisories/40070
secunia.com/advisories/40545
secunia.com/advisories/40747
secunia.com/advisories/40866
secunia.com/advisories/41480
secunia.com/advisories/41490
secunia.com/advisories/41818
secunia.com/advisories/41967
secunia.com/advisories/41972
secunia.com/advisories/42377
secunia.com/advisories/42379
secunia.com/advisories/42467
secunia.com/advisories/42724
secunia.com/advisories/42733
secunia.com/advisories/42808
secunia.com/advisories/42811
secunia.com/advisories/42816
secunia.com/advisories/43308
secunia.com/advisories/44183
secunia.com/advisories/44954
secunia.com/advisories/48577
security.gentoo.org/glsa/glsa-200912-01.xml
security.gentoo.org/glsa/glsa-201203-22.xml
security.gentoo.org/glsa/glsa-201406-32.xml
securitytracker.com/id?1023148
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
support.apple.com/kb/HT4004
support.apple.com/kb/HT4170
support.apple.com/kb/HT4171
support.avaya.com/css/P8/documents/100070150
support.avaya.com/css/P8/documents/100081611
support.avaya.com/css/P8/documents/100114315
support.avaya.com/css/P8/documents/100114327
support.citrix.com/article/CTX123359
support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
sysoev.ru/nginx/patch.cve-2009-3555.txt
tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
ubuntu.com/usn/usn-923-1
wiki.rpath.com/Advisories:rPSA-2009-0155
www-01.ibm.com/support/docview.wss?uid=swg1IC67848
www-01.ibm.com/support/docview.wss?uid=swg1IC68054
www-01.ibm.com/support/docview.wss?uid=swg1IC68055
www-01.ibm.com/support/docview.wss?uid=swg1PM12247
www-01.ibm.com/support/docview.wss?uid=swg21426108
www-01.ibm.com/support/docview.wss?uid=swg21432298
www-01.ibm.com/support/docview.wss?uid=swg24006386
www-01.ibm.com/support/docview.wss?uid=swg24025312
www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
www.arubanetworks.com/support/alerts/aid-020810.txt
www.betanews.com/article/1257452450
www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
www.debian.org/security/2009/dsa-1934
www.debian.org/security/2011/dsa-2141
www.debian.org/security/2015/dsa-3253
www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
www.ietf.org/mail-archive/web/tls/current/msg03928.html
www.ietf.org/mail-archive/web/tls/current/msg03948.html
www.ingate.com/Relnote.php?ver=481
www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
www.kb.cert.org/vuls/id/120541
www.links.org/?p=780
www.links.org/?p=786
www.links.org/?p=789
www.mandriva.com/security/advisories?name=MDVSA-2010:076
www.mandriva.com/security/advisories?name=MDVSA-2010:084
www.mandriva.com/security/advisories?name=MDVSA-2010:089
www.mozilla.org/security/announce/2010/mfsa2010-22.html
www.openoffice.org/security/cves/CVE-2009-3555.html
www.openssl.org/news/secadv_20091111.txt
www.openwall.com/lists/oss-security/2009/11/05/3
www.openwall.com/lists/oss-security/2009/11/05/5
www.openwall.com/lists/oss-security/2009/11/06/3
www.openwall.com/lists/oss-security/2009/11/07/3
www.openwall.com/lists/oss-security/2009/11/20/1
www.openwall.com/lists/oss-security/2009/11/23/10
www.opera.com/docs/changelogs/unix/1060/
www.opera.com/support/search/view/944/
www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
www.redhat.com/support/errata/RHSA-2010-0119.html
www.redhat.com/support/errata/RHSA-2010-0130.html
www.redhat.com/support/errata/RHSA-2010-0155.html
www.redhat.com/support/errata/RHSA-2010-0165.html
www.redhat.com/support/errata/RHSA-2010-0167.html
www.redhat.com/support/errata/RHSA-2010-0337.html
www.redhat.com/support/errata/RHSA-2010-0338.html
www.redhat.com/support/errata/RHSA-2010-0339.html
www.redhat.com/support/errata/RHSA-2010-0768.html
www.redhat.com/support/errata/RHSA-2010-0770.html
www.redhat.com/support/errata/RHSA-2010-0786.html
www.redhat.com/support/errata/RHSA-2010-0807.html
www.redhat.com/support/errata/RHSA-2010-0865.html
www.redhat.com/support/errata/RHSA-2010-0986.html
www.redhat.com/support/errata/RHSA-2010-0987.html
www.redhat.com/support/errata/RHSA-2011-0880.html
www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
www.securityfocus.com/archive/1/507952/100/0/threaded
www.securityfocus.com/archive/1/508075/100/0/threaded
www.securityfocus.com/archive/1/508130/100/0/threaded
www.securityfocus.com/archive/1/515055/100/0/threaded
www.securityfocus.com/archive/1/516397/100/0/threaded
www.securityfocus.com/archive/1/522176
www.securityfocus.com/bid/36935
www.securitytracker.com/id?1023163
www.securitytracker.com/id?1023204
www.securitytracker.com/id?1023205
www.securitytracker.com/id?1023206
www.securitytracker.com/id?1023207
www.securitytracker.com/id?1023208
www.securitytracker.com/id?1023209
www.securitytracker.com/id?1023210
www.securitytracker.com/id?1023211
www.securitytracker.com/id?1023212
www.securitytracker.com/id?1023213
www.securitytracker.com/id?1023214
www.securitytracker.com/id?1023215
www.securitytracker.com/id?1023216
www.securitytracker.com/id?1023217
www.securitytracker.com/id?1023218
www.securitytracker.com/id?1023219
www.securitytracker.com/id?1023224
www.securitytracker.com/id?1023243
www.securitytracker.com/id?1023270
www.securitytracker.com/id?1023271
www.securitytracker.com/id?1023272
www.securitytracker.com/id?1023273
www.securitytracker.com/id?1023274
www.securitytracker.com/id?1023275
www.securitytracker.com/id?1023411
www.securitytracker.com/id?1023426
www.securitytracker.com/id?1023427
www.securitytracker.com/id?1023428
www.securitytracker.com/id?1024789
www.tombom.co.uk/blog/?p=85
www.ubuntu.com/usn/USN-1010-1
www.ubuntu.com/usn/USN-927-1
www.ubuntu.com/usn/USN-927-4
www.ubuntu.com/usn/USN-927-5
www.us-cert.gov/cas/techalerts/TA10-222A.html
www.us-cert.gov/cas/techalerts/TA10-287A.html
www.vmware.com/security/advisories/VMSA-2010-0019.html
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
www.vupen.com/english/advisories/2009/3164
www.vupen.com/english/advisories/2009/3165
www.vupen.com/english/advisories/2009/3205
www.vupen.com/english/advisories/2009/3220
www.vupen.com/english/advisories/2009/3310
www.vupen.com/english/advisories/2009/3313
www.vupen.com/english/advisories/2009/3353
www.vupen.com/english/advisories/2009/3354
www.vupen.com/english/advisories/2009/3484
www.vupen.com/english/advisories/2009/3521
www.vupen.com/english/advisories/2009/3587
www.vupen.com/english/advisories/2010/0086
www.vupen.com/english/advisories/2010/0173
www.vupen.com/english/advisories/2010/0748
www.vupen.com/english/advisories/2010/0848
www.vupen.com/english/advisories/2010/0916
www.vupen.com/english/advisories/2010/0933
www.vupen.com/english/advisories/2010/0982
www.vupen.com/english/advisories/2010/0994
www.vupen.com/english/advisories/2010/1054
www.vupen.com/english/advisories/2010/1107
www.vupen.com/english/advisories/2010/1191
www.vupen.com/english/advisories/2010/1350
www.vupen.com/english/advisories/2010/1639
www.vupen.com/english/advisories/2010/1673
www.vupen.com/english/advisories/2010/1793
www.vupen.com/english/advisories/2010/2010
www.vupen.com/english/advisories/2010/2745
www.vupen.com/english/advisories/2010/3069
www.vupen.com/english/advisories/2010/3086
www.vupen.com/english/advisories/2010/3126
www.vupen.com/english/advisories/2011/0032
www.vupen.com/english/advisories/2011/0033
www.vupen.com/english/advisories/2011/0086
xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
bugzilla.mozilla.org/show_bug.cgi?id=526689
bugzilla.mozilla.org/show_bug.cgi?id=545755
bugzilla.redhat.com/show_bug.cgi?id=533125
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
exchange.xforce.ibmcloud.com/vulnerabilities/54158
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
kb.bluecoat.com/index?page=content&id=SA50
lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535
support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html