CVE-2009-3555

EUVD-2022-3720
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:P |
EPSS Score Percentile: 83%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| apache | http_server | x ≤ 2.2.14 |
| gnu | gnutls | x ≤ 2.8.5 |
| mozilla | nss | x ≤ 3.12.4 |
| openssl | openssl | x ≤ 0.9.8k |
| openssl | openssl | 1.0 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 8.10 |
| canonical | ubuntu_linux | 9.04 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| debian | debian_linux | 4.0 |
| debian | debian_linux | 5.0 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| f5 | nginx | 0.1.0 ≤ x ≤ 0.8.22 |

x = vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| apache2 | bookworm | 2.4.62-1~deb12u1 | fixed |
| apache2 | bookworm (security) | 2.4.62-1~deb12u2 | fixed |
| apache2 | bullseye | 2.4.62-1~deb11u1 | fixed |
| apache2 | bullseye (security) | 2.4.62-1~deb11u2 | fixed |
| apache2 | jessie | | no-dsa |
| apache2 | lenny | | no-dsa |
| apache2 | sid | 2.4.62-3 | fixed |
| apache2 | squeeze | | no-dsa |
| apache2 | trixie | 2.4.62-3 | fixed |
| lighttpd | bookworm | 1.4.69-1 | fixed |
| lighttpd | bullseye | 1.4.59-1+deb11u2 | fixed |
| lighttpd | bullseye (security) | 1.4.59-1+deb11u2 | fixed |
| lighttpd | jessie | | no-dsa |
| lighttpd | lenny | | no-dsa |
| lighttpd | sid | 1.4.76-1 | fixed |
| lighttpd | squeeze | | no-dsa |
| lighttpd | trixie | 1.4.76-1 | fixed |
| nginx | bookworm | 1.22.1-9 | fixed |
| nginx | bullseye | 1.18.0-6.1+deb11u3 | fixed |
| nginx | bullseye (security) | 1.18.0-6.1+deb11u3 | fixed |
| nginx | jessie | | no-dsa |
| nginx | lenny | | no-dsa |
| nginx | sid | 1.26.0-3 | fixed |
| nginx | squeeze | | no-dsa |
| nginx | trixie | 1.26.0-3 | fixed |
| nss | bookworm | 2:3.87.1-1 | fixed |
| nss | bullseye | 2:3.61-1+deb11u3 | fixed |
| nss | bullseye (security) | 2:3.61-1+deb11u4 | fixed |
| nss | jessie | | no-dsa |
| nss | lenny | | no-dsa |
| nss | sid | 2:3.105-2 | fixed |
| nss | squeeze | | no-dsa |
| nss | trixie | 2:3.105-2 | fixed |
| openssl | bookworm | 3.0.14-1~deb12u1 | fixed |
| openssl | bookworm (security) | 3.0.14-1~deb12u2 | fixed |
| openssl | bullseye | 1.1.1w-0+deb11u1 | fixed |
| openssl | bullseye (security) | 1.1.1w-0+deb11u2 | fixed |
| openssl | jessie | | no-dsa |
| openssl | lenny | | no-dsa |
| openssl | sid | 3.3.2-2 | fixed |
| openssl | squeeze | | no-dsa |
| openssl | trixie | 3.3.2-2 | fixed |
| pound | bullseye | 3.0-2 | fixed |
| pound | jessie | | no-dsa |
| pound | lenny | | no-dsa |
| pound | sid | 4.14-2 | fixed |
| pound | squeeze | | no-dsa |
| pound | trixie | 4.14-2 | fixed |
| tomcat-native | bookworm | 1.2.35-1 | fixed |
| tomcat-native | bullseye | 1.2.26-1 | fixed |
| tomcat-native | jessie | | no-dsa |
| tomcat-native | lenny | | no-dsa |
| tomcat-native | sid | 1.3.1-1 | fixed |
| tomcat-native | squeeze | | no-dsa |
| tomcat-native | trixie | 1.3.1-1 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Fixed Version | Status |
|---|---|---|---|
| apache2 | dapper | 2.0.55-4ubuntu2.9 | released |
| apache2 | hardy | 2.2.8-1ubuntu0.14 | released |
| apache2 | intrepid | 2.2.9-7ubuntu3.5 | released |
| apache2 | jaunty | 2.2.11-2ubuntu2.5 | released |
| apache2 | karmic | 2.2.12-1ubuntu2.1 | released |
| apache2 | lucid | 2.2.14-2ubuntu1 | released |
| gnutls12 | dapper | | ignored |
| gnutls12 | hardy | | dne |
| gnutls12 | intrepid | | dne |
| gnutls12 | jaunty | | dne |
| gnutls12 | karmic | | dne |
| gnutls12 | lucid | | dne |
| gnutls13 | dapper | | dne |
| gnutls13 | hardy | | ignored |
| gnutls13 | intrepid | | dne |
| gnutls13 | jaunty | | dne |
| gnutls13 | karmic | | dne |
| gnutls13 | lucid | | dne |
| gnutls26 | dapper | | dne |
| gnutls26 | hardy | | dne |
| gnutls26 | intrepid | | ignored |
| gnutls26 | jaunty | | ignored |
| gnutls26 | karmic | | ignored |
| gnutls26 | lucid | | ignored |
| libapache-mod-ssl | dapper | | ignored |
| libapache-mod-ssl | hardy | | dne |
| libapache-mod-ssl | intrepid | | dne |
| libapache-mod-ssl | jaunty | | dne |
| libapache-mod-ssl | karmic | | dne |
| libapache-mod-ssl | lucid | | dne |
| nss | dapper | | dne |
| nss | hardy | 3.12.6-0ubuntu0.8.04.1 | released |
| nss | intrepid | | ignored |
| nss | jaunty | 3.12.6-0ubuntu0.9.04.1 | released |
| nss | karmic | 3.12.6-0ubuntu0.9.10.1 | released |
| nss | lucid | 3.12.6-0ubuntu2 | released |
| openjdk-6 | dapper | | dne |
| openjdk-6 | hardy | 6b11-2ubuntu2.2 | released |
| openjdk-6 | intrepid | 6b12-0ubuntu6.7 | released |
| openjdk-6 | jaunty | 6b14-1.4.1-0ubuntu13 | released |
| openjdk-6 | karmic | 6b16-1.6.1-3ubuntu3 | released |
| openjdk-6 | lucid | | not-affected |
| openjdk-6b18 | dapper | | dne |
| openjdk-6b18 | hardy | | dne |
| openjdk-6b18 | intrepid | | dne |
| openjdk-6b18 | karmic | | not-affected |
| openjdk-6b18 | lucid | | not-affected |
| openjdk-6b18 | maverick | 6b18-1.8.2-4ubuntu1 | released |
| openssl | dapper | 0.9.8a-7ubuntu0.12 | released |
| openssl | hardy | 0.9.8g-4ubuntu3.10 | released |
| openssl | intrepid | | ignored |
| openssl | jaunty | 0.9.8g-15ubuntu3.5 | released |
| openssl | karmic | 0.9.8g-16ubuntu3.2 | released |
| openssl | lucid | 0.9.8k-7ubuntu8.1 | released |
| sun-java6 | dapper | | dne |
| sun-java6 | hardy | 6.22-0ubuntu1~9.04.1 | released |
| sun-java6 | jaunty | 6.22-0ubuntu1~9.04.1 | released |
| sun-java6 | karmic | 6.22-0ubuntu1~9.10.1 | released |
| sun-java6 | lucid | 6.22-0ubuntu1~10.04 | released |
| sun-java6 | maverick | 6.22-0ubuntu1~10.10 | released |