Vulnerability Details : CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Threat overview for CVE-2009-3555
Top countries where our scanners detected CVE-2009-3555
Top open port discovered on systems with this issue
80
IPs affected by CVE-2009-3555 239,033
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-3555!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-3555
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-3555
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2009-3555
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-3555
-
Red Hat 2009-11-20Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491
-
http://www.redhat.com/support/errata/RHSA-2010-0987.html
SupportThird Party Advisory
-
http://www.betanews.com/article/1257452450
Indiscreet tweet trips awareness of Web SSL vulnerabilityThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
IBM notice: The page you requested cannot be displayedThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0916
Webmail | OVH- OVHThird Party Advisory
-
http://www.securitytracker.com/id?1023210
Third Party Advisory;VDB Entry
-
http://kbase.redhat.com/faq/docs/DOC-20491
Third Party Advisory
-
http://www.securitytracker.com/id?1023273
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/1673
Webmail | OVH- OVHThird Party Advisory
-
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
404 Not FoundBroken Link
-
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
The Secure Goose: TLS renegotiation vulnerability (CVE-2009-3555)Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0770.html
SupportThird Party Advisory
-
http://sysoev.ru/nginx/patch.cve-2009-3555.txt
404. Страница не найденаBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:024Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
mandriva.comBroken Link
-
http://www.securitytracker.com/id?1023427
Third Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=133469267822771&w=2
'[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CS' - MARCThird Party Advisory
-
http://www.openoffice.org/security/cves/CVE-2009-3555.html
CVE-2009-3555Third Party Advisory
-
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
CVE-2011-4745, CVE-2011-4746, CVE-2011-4747, CVE-2009-3555, CVE-2011-4748, CVE-2011-4749, XSS, Cross Site Scripting in psa v10.3.1_build1013110726.09 os_RedHat el6, Billing Manager, CWE-79, CAPEC-86,Exploit;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1010-1
USN-1010-1: OpenJDK vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securitytracker.com/id?1023207
Third Party Advisory;VDB Entry
-
http://www.debian.org/security/2015/dsa-3253
Debian -- Security Information -- DSA-3253-1 poundThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2009/11/23/10
oss-security - Re: CVEs for nginxMailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3353
Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/1054
Webmail | OVH- OVHThird Party Advisory
-
http://www.links.org/?p=789
Third Party Advisory
-
http://www.securitytracker.com/id?1023211
Third Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
Known Issue: DT162352Third Party Advisory
-
http://www.arubanetworks.com/support/alerts/aid-020810.txt
Access DeniedBroken Link
-
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
G-SEC - Blog: TLS / SSLv3 renegotiation vulnerability explained (Update #2)(Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/1793
Webmail | OVH- OVHThird Party Advisory
-
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
Broken Link
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
[security-announce] SUSE Security Announcement: IBM Java 1.4.2 (SUSE-SA:Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0338.html
SupportThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
[SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1Third Party Advisory
-
http://www.securitytracker.com/id?1023163
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2009/11/05/5
oss-security - Re: CVE-2009-3555 for TLS renegotiation MITM attacksMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-927-4
USN-927-4: nss vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
http://www.securitytracker.com/id?1023270
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1023213
Third Party Advisory;VDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
[SECURITY] Fedora 11 Update: tomcat-native-1.1.18-1.fc11Third Party Advisory
-
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
-
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:012Third Party Advisory
-
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
Educated GuessworkThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088
Third Party Advisory
-
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
Cosminexusにおける複数の脆弱性:ソフトウェア製品セキュリティ情報:ソフトウェア:日立Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
[security-announce] SUSE Security Announcement: openssl (SUSE-SA:2009:057) - openSUSE Security Announce - openSUSE Mailing ListsThird Party Advisory
-
http://www.vupen.com/english/advisories/2009/3164
Third Party Advisory
-
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Microsoft Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www.vupen.com/english/advisories/2010/1107
Webmail | OVH- OVHThird Party Advisory
-
http://www.securitytracker.com/id?1023219
Third Party Advisory;VDB Entry
-
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
'CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation' - MARCThird Party Advisory
-
http://www.securitytracker.com/id?1023209
Third Party Advisory;VDB Entry
-
http://www.redhat.com/support/errata/RHSA-2010-0807.html
SupportThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0786.html
SupportThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535
Third Party Advisory
-
http://www.securitytracker.com/id?1023271
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
[security-announce] openSUSE-SU-2011:0845-1: important: compat-openssl09Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/2010
Third Party Advisory
-
http://clicky.me/tlsvuln
URL shortener analytics and visitor tracking | clicky.meExploit;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Oracle Critical Patch Update - October 2010Third Party Advisory
-
http://support.avaya.com/css/P8/documents/100081611
ASA-2010-119 (RHSA-2010-0165)Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
[SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11Third Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
HPSBMU03611 rev.2 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote VulnerabilitiesThird Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
Microsoft Security Bulletin MS10-049 - Critical | Microsoft DocsPatch;Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
Oracle Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www-01.ibm.com/support/docview.wss?uid=swg24006386
MS81: IBM MQ Internet Pass-ThruThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0130.html
SupportThird Party Advisory
-
http://support.avaya.com/css/P8/documents/100070150
ASA-2009-548Third Party Advisory
-
http://www.vupen.com/english/advisories/2011/0032
Webmail | OVH- OVHThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21432298
IBM notice: The page you requested cannot be displayedThird Party Advisory
-
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
Third Party Advisory
-
http://openbsd.org/errata45.html#010_openssl
OpenBSD 4.5 ErrataThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-201203-22.xml
nginx: Multiple vulnerabilities (GLSA 201203-22) — Gentoo securityThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617
Third Party Advisory
-
http://marc.info/?l=cryptography&m=125752275331877&w=2
'OpenSSL 0.9.8l released' - MARCThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0994
Webmail | OVH- OVHThird Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
The Slackware Linux Project: Slackware Security AdvisoriesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019Third Party Advisory
-
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
404 Not FoundBroken Link
-
http://www.openwall.com/lists/oss-security/2009/11/05/3
oss-security - CVE-2009-3555 for TLS renegotiation MITM attacksMailing List;Third Party Advisory
-
http://www.securitytracker.com/id?1023272
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2010/1191
Webmail | OVH- OVHThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
Oracle Java SE and Java for Business Critical Patch Update Advisory - October 2010Third Party Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
Broken Link
-
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
Not FoundThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2011-0880.html
SupportThird Party Advisory
-
http://www.openssl.org/news/secadv_20091111.txt
/err404.htmlThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
Transport Layer Security (TLS) handshake renegotiation weak security CVE-2009-3555 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
mandriva.comBroken Link
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1Third Party Advisory
-
http://www.securitytracker.com/id?1023217
Third Party Advisory;VDB Entry
-
http://support.apple.com/kb/HT4004
About Security Update 2010-001 - Apple SupportThird Party Advisory
-
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
Update NSS to support TLS renegotiation indication — MozillaThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/1350
Webmail | OVH- OVHThird Party Advisory
-
http://www.securityfocus.com/archive/1/522176
SecurityFocusThird Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3220
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2009/11/07/3
oss-security - Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacksMailing List;Third Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg24025312
Third Party Advisory
-
http://www.securitytracker.com/id?1023206
Third Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
cpuapr2011Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3165
Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
526689 - (CVE-2009-3555) SSL3 & TLS Renegotiation VulnerabilityIssue Tracking;Third Party Advisory
-
http://www.securitytracker.com/id?1023212
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2010/3126
Webmail | OVH- OVHThird Party Advisory
-
http://www.vupen.com/english/advisories/2009/3521
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366
Third Party Advisory
-
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
Broken Link
-
http://www.redhat.com/support/errata/RHSA-2010-0986.html
SupportThird Party Advisory
-
https://kb.bluecoat.com/index?page=content&id=SA50
Third Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
Broken Link
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
Broken Link
-
http://www.vupen.com/english/advisories/2010/1639
Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3205
Third Party Advisory
-
http://ubuntu.com/usn/usn-923-1
USN-923-1: OpenJDK vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478
Third Party Advisory
-
http://www.securityfocus.com/archive/1/508130/100/0/threaded
Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315
Third Party Advisory
-
http://support.avaya.com/css/P8/documents/100114315
ASA-2010-307 (RHSA-2010-0770)Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
[SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13Third Party Advisory
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
Products, Solutions, and Services - CiscoThird Party Advisory
-
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
Re: TLS renegotiation MITMThird Party Advisory
-
http://www.securitytracker.com/id?1023243
Third Party Advisory;VDB Entry
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
mandriva.comBroken Link
-
http://www.securitytracker.com/id?1023216
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1023411
Third Party Advisory;VDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
[SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12Third Party Advisory
-
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541Third Party Advisory
-
http://marc.info/?l=bugtraq&m=132077688910227&w=2
'[security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SS' - MARCThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0982
Webmail | OVH- OVHThird Party Advisory
-
http://openbsd.org/errata46.html#004_openssl
OpenBSD 4.6 ErrataThird Party Advisory
-
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
VMSA-2011-0003.2Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0339.html
SupportThird Party Advisory
-
http://marc.info/?l=bugtraq&m=130497311408250&w=2
'[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARCThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
[SECURITY] Fedora 12 Update: httpd-2.2.14-1.fc12Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/3069
Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1934
[SECURITY] [DSA-1934-1] New apache2 packages fix several issuesThird Party Advisory
-
http://www.securitytracker.com/id?1023426
Third Party Advisory;VDB Entry
-
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
[TLS] MITM attack on delayed TLS-client auth through renegotiationThird Party Advisory
-
http://www.securityfocus.com/archive/1/508075/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-927-5
USN-927-5: nspr update | Ubuntu security notices | UbuntuThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=545755
545755 - Update Mozilla stable branches to NSS 3.12.6 and minimal support for RFC 5746Issue Tracking;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2009/11/20/1
oss-security - CVEs for nginxMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
-
http://www.vupen.com/english/advisories/2010/2745
Webmail | OVH- OVHThird Party Advisory
-
http://marc.info/?l=bugtraq&m=127128920008563&w=2
'[security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Inform' - MARCThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0865.html
SupportThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=533125
533125 – (CVE-2009-3555) CVE-2009-3555 TLS: MITM attacks via session renegotiationIssue Tracking;Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0167.html
SupportThird Party Advisory
-
http://support.apple.com/kb/HT4171
About the security content of Java for Mac OS X 10.6 Update 2 - Apple SupportThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578
Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3484
Third Party Advisory
-
http://marc.info/?l=bugtraq&m=127557596201693&w=2
'[security bulletin] HPSBUX02524 SSRT100089 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary' - MARCThird Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
Broken Link
-
http://www.debian.org/security/2011/dsa-2141
Debian -- Security Information -- DSA-2141-1 opensslThird Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
Broken Link
-
http://www.vupen.com/english/advisories/2010/0748
Webmail | OVH- OVHThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3354
Third Party Advisory
-
http://www.opera.com/docs/changelogs/unix/1060/
How can we help you? - Opera HelpThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-200912-01.xml
OpenSSL: Multiple vulnerabilities (GLSA 200912-01) — Gentoo securityThird Party Advisory
-
http://www.securitytracker.com/id?1023274
Third Party Advisory;VDB Entry
-
http://www.redhat.com/support/errata/RHSA-2010-0155.html
SupportThird Party Advisory
-
http://www.securitytracker.com/id?1023204
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1023208
Third Party Advisory;VDB Entry
-
http://support.apple.com/kb/HT4170
About the security content of Java for Mac OS X 10.5 Update 7 - Apple SupportThird Party Advisory
-
http://marc.info/?l=bugtraq&m=127419602507642&w=2
'[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and' - MARCThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
IBM PM12247: SHIP APAR FIXES FOR H28W610 FIX PACK 6.1.0.31.Third Party Advisory
-
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2009/11/06/3
oss-security - Re: CVE-2009-3555 for TLS renegotiation MITM attacksMailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
[SECURITY] Fedora 11 Update: openssl-0.9.8n-1.fc11Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0337.html
SupportThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973
Third Party Advisory
-
http://www.securityfocus.com/archive/1/507952/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1023215
Third Party Advisory;VDB Entry
-
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
VMSA-2010-0019.3Third Party Advisory
-
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://securitytracker.com/id?1023148
Third Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
Known Issue: DT162353Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3313
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0165.html
SupportThird Party Advisory
-
http://support.avaya.com/css/P8/documents/100114327
ASA-2010-308 (RHSA-2010-0768)Third Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
Broken Link
-
http://seclists.org/fulldisclosure/2009/Nov/139
Full Disclosure: Re: SSL/TLS MiTM PoCMailing List;Third Party Advisory
-
http://www.securitytracker.com/id?1023218
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
[security-announce] SUSE-SU-2011:0847-1: important: Security update forThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:011Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0119.html
SupportThird Party Advisory
-
http://marc.info/?l=bugtraq&m=134254866602253&w=2
'[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARCThird Party Advisory
-
http://extendedsubset.com/Renegotiating_TLS.pdf
Page Not Found - Thủ thuật nhà cáiBroken Link
-
http://www.vupen.com/english/advisories/2010/0933
Webmail | OVH- OVHThird Party Advisory
-
http://support.citrix.com/article/CTX123359
404 - Page not foundThird Party Advisory
-
http://www.vupen.com/english/advisories/2009/3310
Third Party Advisory
-
http://www.ubuntu.com/usn/USN-927-1
USN-927-1: NSS vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
http://www.securitytracker.com/id?1023428
Third Party Advisory;VDB Entry
-
http://blogs.iss.net/archive/sslmitmiscsrf.html
Broken Link
-
http://www.vupen.com/english/advisories/2009/3587
Third Party Advisory
-
http://www.securityfocus.com/archive/1/516397/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
[SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10Third Party Advisory
-
http://www.securitytracker.com/id?1024789
Third Party Advisory;VDB Entry
-
http://www.ingate.com/Relnote.php?ver=481
Release notice for Ingate Firewall® 4.8.1 and Ingate SIParator® 4.8.1Third Party Advisory
-
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
[TLS] TLS renegotiation issueThird Party Advisory
-
http://www.securitytracker.com/id?1023224
Third Party Advisory;VDB Entry
-
http://extendedsubset.com/?p=8
Page Not Found - Thủ thuật nhà cáiBroken Link
-
http://www.opera.com/support/search/view/944/
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
[SECURITY] Fedora 12 Update: tomcat-native-1.1.18-1.fc12Third Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
Broken Link
-
http://www.securitytracker.com/id?1023205
Third Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/120541
VU#120541 - SSL and TLS protocols renegotiation vulnerabilityThird Party Advisory;US Government Resource
-
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
[SECURITY] Fedora 10 Update: httpd-2.2.14-1.fc10Third Party Advisory
-
http://www.vupen.com/english/advisories/2011/0086
Third Party Advisory
-
http://marc.info/?l=bugtraq&m=142660345230545&w=2
'[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and' - MARCThird Party Advisory
-
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://www.vupen.com/english/advisories/2011/0033
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0768.html
SupportThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:008Third Party Advisory
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
Broken Link
-
http://www.vupen.com/english/advisories/2010/0848
Third Party Advisory
-
http://www.securityfocus.com/bid/36935
Exploit;Patch;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/515055/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
http://www.links.org/?p=786
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13Third Party Advisory
-
http://www.links.org/?p=780
Third Party Advisory
-
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
VMware vCenter Server 4.1 Update 1 Release NotesThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
Known Issue: DT162311Third Party Advisory
-
http://wiki.rpath.com/Advisories:rPSA-2009-0155
Third Party Advisory
-
http://www.securitytracker.com/id?1023214
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2010/3086
Webmail | OVH- OVHThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0086
Third Party Advisory
-
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
Broken Link
-
http://www.securitytracker.com/id?1023275
Third Party Advisory;VDB Entry
-
http://security.gentoo.org/glsa/glsa-201406-32.xml
IcedTea JDK: Multiple vulnerabilities (GLSA 201406-32) — Gentoo securityThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0173
Webmail | OVH- OVHThird Party Advisory
-
http://marc.info/?l=bugtraq&m=126150535619567&w=2
'[security bulletin] HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data In' - MARCThird Party Advisory
-
http://www.tombom.co.uk/blog/?p=85
Broken Link
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*