CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| Provider | Type | Base Score (CVSS 3.x) | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Score Percentile: 88%
Affected Products (NVD)

| Vendor | Product | Version |
| --- | --- | --- |
| apache | http_server | x ≤ 2.2.14 |
| gnu | gnutls | x ≤ 2.8.5 |
| mozilla | nss | x ≤ 3.12.4 |
| openssl | openssl | x ≤ 0.9.8k |
| openssl | openssl | 1.0 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 8.10 |
| canonical | ubuntu_linux | 9.04 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| debian | debian_linux | 4.0 |
| debian | debian_linux | 5.0 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| f5 | nginx | 0.1.0 ≤ x ≤ 0.8.22 |

x = vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
| --- | --- | --- | --- |
| apache2 | bookworm | 2.4.62-1~deb12u1 | fixed |
| apache2 | bookworm (security) | 2.4.62-1~deb12u2 | fixed |
| apache2 | bullseye | 2.4.62-1~deb11u1 | fixed |
| apache2 | bullseye (security) | 2.4.62-1~deb11u2 | fixed |
| apache2 | jessie | | no-dsa |
| apache2 | lenny | | no-dsa |
| apache2 | sid | 2.4.62-3 | fixed |
| apache2 | squeeze | | no-dsa |
| apache2 | trixie | 2.4.62-3 | fixed |
| lighttpd | bookworm | 1.4.69-1 | fixed |
| lighttpd | bullseye | 1.4.59-1+deb11u2 | fixed |
| lighttpd | bullseye (security) | 1.4.59-1+deb11u2 | fixed |
| lighttpd | jessie | | no-dsa |
| lighttpd | lenny | | no-dsa |
| lighttpd | sid | 1.4.76-1 | fixed |
| lighttpd | squeeze | | no-dsa |
| lighttpd | trixie | 1.4.76-1 | fixed |
| nginx | bookworm | 1.22.1-9 | fixed |
| nginx | bullseye | 1.18.0-6.1+deb11u3 | fixed |
| nginx | bullseye (security) | 1.18.0-6.1+deb11u3 | fixed |
| nginx | jessie | | no-dsa |
| nginx | lenny | | no-dsa |
| nginx | sid | 1.26.0-3 | fixed |
| nginx | squeeze | | no-dsa |
| nginx | trixie | 1.26.0-3 | fixed |
| nss | bookworm | 2:3.87.1-1 | fixed |
| nss | bullseye | 2:3.61-1+deb11u3 | fixed |
| nss | bullseye (security) | 2:3.61-1+deb11u4 | fixed |
| nss | jessie | | no-dsa |
| nss | lenny | | no-dsa |
| nss | sid | 2:3.105-2 | fixed |
| nss | squeeze | | no-dsa |
| nss | trixie | 2:3.105-2 | fixed |
| openssl | bookworm | 3.0.14-1~deb12u1 | fixed |
| openssl | bookworm (security) | 3.0.14-1~deb12u2 | fixed |
| openssl | bullseye | 1.1.1w-0+deb11u1 | fixed |
| openssl | bullseye (security) | 1.1.1w-0+deb11u2 | fixed |
| openssl | jessie | | no-dsa |
| openssl | lenny | | no-dsa |
| openssl | sid | 3.3.2-2 | fixed |
| openssl | squeeze | | no-dsa |
| openssl | trixie | 3.3.2-2 | fixed |
| pound | bullseye | 3.0-2 | fixed |
| pound | jessie | | no-dsa |
| pound | lenny | | no-dsa |
| pound | sid | 4.14-2 | fixed |
| pound | squeeze | | no-dsa |
| pound | trixie | 4.14-2 | fixed |
| tomcat-native | bookworm | 1.2.35-1 | fixed |
| tomcat-native | bullseye | 1.2.26-1 | fixed |
| tomcat-native | jessie | | no-dsa |
| tomcat-native | lenny | | no-dsa |
| tomcat-native | sid | 1.3.1-1 | fixed |
| tomcat-native | squeeze | | no-dsa |
| tomcat-native | trixie | 1.3.1-1 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Fixed Version | Status |
| --- | --- | --- | --- |
| apache2 | dapper | 2.0.55-4ubuntu2.9 | released |
| apache2 | hardy | 2.2.8-1ubuntu0.14 | released |
| apache2 | intrepid | 2.2.9-7ubuntu3.5 | released |
| apache2 | jaunty | 2.2.11-2ubuntu2.5 | released |
| apache2 | karmic | 2.2.12-1ubuntu2.1 | released |
| apache2 | lucid | 2.2.14-2ubuntu1 | released |
| gnutls12 | dapper | | ignored |
| gnutls12 | hardy | | dne |
| gnutls12 | intrepid | | dne |
| gnutls12 | jaunty | | dne |
| gnutls12 | karmic | | dne |
| gnutls12 | lucid | | dne |
| gnutls13 | dapper | | dne |
| gnutls13 | hardy | | ignored |
| gnutls13 | intrepid | | dne |
| gnutls13 | jaunty | | dne |
| gnutls13 | karmic | | dne |
| gnutls13 | lucid | | dne |
| gnutls26 | dapper | | dne |
| gnutls26 | hardy | | dne |
| gnutls26 | intrepid | | ignored |
| gnutls26 | jaunty | | ignored |
| gnutls26 | karmic | | ignored |
| gnutls26 | lucid | | ignored |
| libapache-mod-ssl | dapper | | ignored |
| libapache-mod-ssl | hardy | | dne |
| libapache-mod-ssl | intrepid | | dne |
| libapache-mod-ssl | jaunty | | dne |
| libapache-mod-ssl | karmic | | dne |
| libapache-mod-ssl | lucid | | dne |
| nss | dapper | | dne |
| nss | hardy | 3.12.6-0ubuntu0.8.04.1 | released |
| nss | intrepid | | ignored |
| nss | jaunty | 3.12.6-0ubuntu0.9.04.1 | released |
| nss | karmic | 3.12.6-0ubuntu0.9.10.1 | released |
| nss | lucid | 3.12.6-0ubuntu2 | released |
| openjdk-6 | dapper | | dne |
| openjdk-6 | hardy | 6b11-2ubuntu2.2 | released |
| openjdk-6 | intrepid | 6b12-0ubuntu6.7 | released |
| openjdk-6 | jaunty | 6b14-1.4.1-0ubuntu13 | released |
| openjdk-6 | karmic | 6b16-1.6.1-3ubuntu3 | released |
| openjdk-6 | lucid | | not-affected |
| openjdk-6b18 | dapper | | dne |
| openjdk-6b18 | hardy | | dne |
| openjdk-6b18 | intrepid | | dne |
| openjdk-6b18 | karmic | | not-affected |
| openjdk-6b18 | lucid | | not-affected |
| openjdk-6b18 | maverick | 6b18-1.8.2-4ubuntu1 | released |
| openssl | dapper | 0.9.8a-7ubuntu0.12 | released |
| openssl | hardy | 0.9.8g-4ubuntu3.10 | released |
| openssl | intrepid | | ignored |
| openssl | jaunty | 0.9.8g-15ubuntu3.5 | released |
| openssl | karmic | 0.9.8g-16ubuntu3.2 | released |
| openssl | lucid | 0.9.8k-7ubuntu8.1 | released |
| sun-java6 | dapper | | dne |
| sun-java6 | hardy | 6.22-0ubuntu1~9.04.1 | released |
| sun-java6 | jaunty | 6.22-0ubuntu1~9.04.1 | released |
| sun-java6 | karmic | 6.22-0ubuntu1~9.10.1 | released |
| sun-java6 | lucid | 6.22-0ubuntu1~10.04 | released |
| sun-java6 | maverick | 6.22-0ubuntu1~10.10 | released |
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
| --- | --- | --- | --- |
| MozillaFirefox | suse enterprise desktop 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox | suse enterprise sap 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox | suse enterprise server 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-devel | suse enterprise desktop 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-devel | suse enterprise sap 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-devel | suse enterprise server 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-translations-common | suse enterprise desktop 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-translations-common | suse enterprise sap 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-translations-common | suse enterprise server 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-translations-other | suse enterprise desktop 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-translations-other | suse enterprise sap 15 | 52.7.3-1.35 | fixed |
| MozillaFirefox-translations-other | suse enterprise server 15 | 52.7.3-1.35 | fixed |
| MozillaThunderbird | suse enterprise desktop 15 | 52.8-1.2 | fixed |
| MozillaThunderbird | suse enterprise desktop 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird | suse enterprise sap 15 | 52.8-1.2 | fixed |
| MozillaThunderbird | suse enterprise sap 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird | suse enterprise server 15 | 52.8-1.2 | fixed |
| MozillaThunderbird | suse enterprise server 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird | suse enterprise workstation 15 | 52.8-1.2 | fixed |
| MozillaThunderbird | suse enterprise workstation 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-devel | suse enterprise desktop 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-devel | suse enterprise sap 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-devel | suse enterprise server 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-devel | suse enterprise workstation 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-common | suse enterprise desktop 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-common | suse enterprise desktop 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-common | suse enterprise sap 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-common | suse enterprise sap 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-common | suse enterprise server 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-common | suse enterprise server 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-common | suse enterprise workstation 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-common | suse enterprise workstation 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-other | suse enterprise desktop 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-other | suse enterprise desktop 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-other | suse enterprise sap 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-other | suse enterprise sap 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-other | suse enterprise server 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-other | suse enterprise server 15 SP1 | 60.6.1-3.28.1 | fixed |
| MozillaThunderbird-translations-other | suse enterprise workstation 15 | 52.8-1.2 | fixed |
| MozillaThunderbird-translations-other | suse enterprise workstation 15 SP1 | 60.6.1-3.28.1 | fixed |
| apache2 | suse enterprise sap 15 | 2.4.33-1.28 | fixed |
| apache2 | suse enterprise sap 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2 | suse enterprise server 12 SP2 | 2.4.23-14.7 | fixed |
| apache2 | suse enterprise server 15 | 2.4.33-1.28 | fixed |
| apache2 | suse enterprise server 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-devel | suse enterprise sap 15 | 2.4.33-1.28 | fixed |
| apache2-devel | suse enterprise sap 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-devel | suse enterprise server 15 | 2.4.33-1.28 | fixed |
| apache2-devel | suse enterprise server 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-doc | suse enterprise sap 15 | 2.4.33-1.28 | fixed |
| apache2-doc | suse enterprise sap 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-doc | suse enterprise server 12 SP2 | 2.4.23-14.7 | fixed |
| apache2-doc | suse enterprise server 15 | 2.4.33-1.28 | fixed |
| apache2-doc | suse enterprise server 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-example-pages | suse enterprise server 12 SP2 | 2.4.23-14.7 | fixed |
| apache2-prefork | suse enterprise sap 15 | 2.4.33-1.28 | fixed |
| apache2-prefork | suse enterprise sap 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-prefork | suse enterprise server 12 SP2 | 2.4.23-14.7 | fixed |
| apache2-prefork | suse enterprise server 15 | 2.4.33-1.28 | fixed |
| apache2-prefork | suse enterprise server 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-utils | suse enterprise sap 15 | 2.4.33-1.28 | fixed |
| apache2-utils | suse enterprise sap 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-utils | suse enterprise server 12 SP2 | 2.4.23-14.7 | fixed |
| apache2-utils | suse enterprise server 15 | 2.4.33-1.28 | fixed |
| apache2-utils | suse enterprise server 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-worker | suse enterprise sap 15 | 2.4.33-1.28 | fixed |
| apache2-worker | suse enterprise sap 15 SP1 | 2.4.33-3.15.1 | fixed |
| apache2-worker | suse enterprise server 12 SP2 | 2.4.23-14.7 | fixed |
| apache2-worker | suse enterprise server 15 | 2.4.33-1.28 | fixed |
| apache2-worker | suse enterprise server 15 SP1 | 2.4.33-3.15.1 | fixed |
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
| --- | --- | --- | --- |
| java-1.6.0-ibm | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-ibm-demo | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-ibm-devel | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-ibm-javacomm | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-ibm-jdbc | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-ibm-plugin | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-ibm-src | RHEL 6 | 1:1.6.0.9.0-1jpp.4.el6 | fixed |
| java-1.6.0-openjdk | RHEL 6 | 1:1.6.0.0-1.31.b17.el6_0 | fixed |
| java-1.6.0-openjdk-demo | RHEL 6 | 1:1.6.0.0-1.31.b17.el6_0 | fixed |
| java-1.6.0-openjdk-devel | RHEL 6 | 1:1.6.0.0-1.31.b17.el6_0 | fixed |
| java-1.6.0-openjdk-javadoc | RHEL 6 | 1:1.6.0.0-1.31.b17.el6_0 | fixed |
| java-1.6.0-openjdk-src | RHEL 6 | 1:1.6.0.0-1.31.b17.el6_0 | fixed |