// For flags

CVE-2009-3555

Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass

Severity Score

5.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

El protocolo TLS y el protocolo SSL v3.0 y posiblemente versiones anteriores, tal y como se usa en Microsoft Internet Information Services (IIS) v7.0, mod_ssl en el servidor HTTP Apache v2.2.14 y anteriores, OpenSSL antes de v0.9.8l, GnuTLS v2.8.5 y anteriores, Mozilla Network Security Services (NSS) v3.12.4 y anteriores, y otros productos, no asocia apropiadamente la renegociación del Handshake SSL en una conexión existente, lo que permite ataques man-in-the-middle en los que el atacante inserta datos en sesiones HTTPS, y posiblemente otro tipo de sesiones protegidas por SSL o TLS, enviando una petición de autenticación que es procesada retroactivamente por un servidor en un contexto post-renegociación. Se trata de un ataque de "inyección de texto plano", también conocido como el problema del "Proyecto Mogul".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-10-05 CVE Reserved
  • 2009-11-06 CVE Published
  • 2009-11-10 First Exploit
  • 2024-07-30 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-295: Improper Certificate Validation
  • CWE-300: Channel Accessible by Non-Endpoint
CAPEC
References (301)
URL Tag Source
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html Broken Link
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html Third Party Advisory
http://blogs.iss.net/archive/sslmitmiscsrf.html Broken Link
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during Third Party Advisory
http://extendedsubset.com/?p=8 Broken Link
http://extendedsubset.com/Renegotiating_TLS.pdf Broken Link
http://kbase.redhat.com/faq/docs/DOC-20491 Third Party Advisory
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html Mailing List
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 Mailing List
http://marc.info/?l=cryptography&m=125752275331877&w=2 Mailing List
http://osvdb.org/60521 Broken Link
http://osvdb.org/60972 Broken Link
http://osvdb.org/62210 Broken Link
http://osvdb.org/65202 Broken Link
http://seclists.org/fulldisclosure/2009/Nov/139 Mailing List
http://secunia.com/advisories/37291 Third Party Advisory
http://secunia.com/advisories/37292 Third Party Advisory
http://secunia.com/advisories/37320 Third Party Advisory
http://secunia.com/advisories/37383 Third Party Advisory
http://secunia.com/advisories/37399 Third Party Advisory
http://secunia.com/advisories/37453 Third Party Advisory
http://secunia.com/advisories/37501 Third Party Advisory
http://secunia.com/advisories/37504 Third Party Advisory
http://secunia.com/advisories/37604 Third Party Advisory
http://secunia.com/advisories/37640 Third Party Advisory
http://secunia.com/advisories/37656 Third Party Advisory
http://secunia.com/advisories/37675 Third Party Advisory
http://secunia.com/advisories/37859 Third Party Advisory
http://secunia.com/advisories/38003 Third Party Advisory
http://secunia.com/advisories/38020 Third Party Advisory
http://secunia.com/advisories/38056 Third Party Advisory
http://secunia.com/advisories/38241 Third Party Advisory
http://secunia.com/advisories/38484 Third Party Advisory
http://secunia.com/advisories/38687 Third Party Advisory
http://secunia.com/advisories/38781 Third Party Advisory
http://secunia.com/advisories/39127 Third Party Advisory
http://secunia.com/advisories/39136 Third Party Advisory
http://secunia.com/advisories/39242 Third Party Advisory
http://secunia.com/advisories/39243 Third Party Advisory
http://secunia.com/advisories/39278 Third Party Advisory
http://secunia.com/advisories/39292 Third Party Advisory
http://secunia.com/advisories/39317 Third Party Advisory
http://secunia.com/advisories/39461 Third Party Advisory
http://secunia.com/advisories/39500 Third Party Advisory
http://secunia.com/advisories/39628 Third Party Advisory
http://secunia.com/advisories/39632 Third Party Advisory
http://secunia.com/advisories/39713 Third Party Advisory
http://secunia.com/advisories/39819 Third Party Advisory
http://secunia.com/advisories/40070 Third Party Advisory
http://secunia.com/advisories/40545 Third Party Advisory
http://secunia.com/advisories/40747 Third Party Advisory
http://secunia.com/advisories/40866 Third Party Advisory
http://secunia.com/advisories/41480 Third Party Advisory
http://secunia.com/advisories/41490 Third Party Advisory
http://secunia.com/advisories/41818 Third Party Advisory
http://secunia.com/advisories/41967 Third Party Advisory
http://secunia.com/advisories/41972 Third Party Advisory
http://secunia.com/advisories/42377 Third Party Advisory
http://secunia.com/advisories/42379 Third Party Advisory
http://secunia.com/advisories/42467 Third Party Advisory
http://secunia.com/advisories/42724 Third Party Advisory
http://secunia.com/advisories/42733 Third Party Advisory
http://secunia.com/advisories/42808 Third Party Advisory
http://secunia.com/advisories/42811 Third Party Advisory
http://secunia.com/advisories/42816 Third Party Advisory
http://secunia.com/advisories/43308 Third Party Advisory
http://secunia.com/advisories/44183 Third Party Advisory
http://secunia.com/advisories/44954 Third Party Advisory
http://secunia.com/advisories/48577 Third Party Advisory
http://securitytracker.com/id?1023148 Third Party Advisory
http://support.apple.com/kb/HT4004 Third Party Advisory
http://support.apple.com/kb/HT4170 Third Party Advisory
http://support.apple.com/kb/HT4171 Third Party Advisory
http://support.avaya.com/css/P8/documents/100070150 Third Party Advisory
http://support.avaya.com/css/P8/documents/100081611 Third Party Advisory
http://support.avaya.com/css/P8/documents/100114315 Third Party Advisory
http://support.avaya.com/css/P8/documents/100114327 Third Party Advisory
http://support.citrix.com/article/CTX123359 Third Party Advisory
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES Broken Link
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released Broken Link
http://sysoev.ru/nginx/patch.cve-2009-3555.txt Broken Link
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0155 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 Third Party Advisory
http://www.arubanetworks.com/support/alerts/aid-020810.txt Broken Link
http://www.betanews.com/article/1257452450 Third Party Advisory
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html Third Party Advisory
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html Third Party Advisory
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html Mailing List
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html Mailing List
http://www.ingate.com/Relnote.php?ver=481 Third Party Advisory
http://www.kb.cert.org/vuls/id/120541 Third Party Advisory
http://www.links.org/?p=780 Third Party Advisory
http://www.links.org/?p=786 Third Party Advisory
http://www.links.org/?p=789 Third Party Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2009-3555.html Third Party Advisory
http://www.openssl.org/news/secadv_20091111.txt Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/05/3 Mailing List
http://www.openwall.com/lists/oss-security/2009/11/05/5 Mailing List
http://www.openwall.com/lists/oss-security/2009/11/06/3 Mailing List
http://www.openwall.com/lists/oss-security/2009/11/07/3 Mailing List
http://www.openwall.com/lists/oss-security/2009/11/20/1 Mailing List
http://www.openwall.com/lists/oss-security/2009/11/23/10 Mailing List
http://www.opera.com/docs/changelogs/unix/1060 Third Party Advisory
http://www.opera.com/support/search/view/944 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Third Party Advisory
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c Broken Link
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html Third Party Advisory
http://www.securityfocus.com/archive/1/507952/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/508075/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/508130/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/515055/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/516397/100/0/threaded Mailing List
http://www.securitytracker.com/id?1023163 Third Party Advisory
http://www.securitytracker.com/id?1023204 Third Party Advisory
http://www.securitytracker.com/id?1023205 Third Party Advisory
http://www.securitytracker.com/id?1023206 Third Party Advisory
http://www.securitytracker.com/id?1023207 Third Party Advisory
http://www.securitytracker.com/id?1023208 Third Party Advisory
http://www.securitytracker.com/id?1023209 Third Party Advisory
http://www.securitytracker.com/id?1023210 Third Party Advisory
http://www.securitytracker.com/id?1023211 Third Party Advisory
http://www.securitytracker.com/id?1023212 Third Party Advisory
http://www.securitytracker.com/id?1023213 Third Party Advisory
http://www.securitytracker.com/id?1023214 Third Party Advisory
http://www.securitytracker.com/id?1023215 Third Party Advisory
http://www.securitytracker.com/id?1023216 Third Party Advisory
http://www.securitytracker.com/id?1023217 Third Party Advisory
http://www.securitytracker.com/id?1023218 Third Party Advisory
http://www.securitytracker.com/id?1023219 Third Party Advisory
http://www.securitytracker.com/id?1023224 Third Party Advisory
http://www.securitytracker.com/id?1023243 Third Party Advisory
http://www.securitytracker.com/id?1023270 Third Party Advisory
http://www.securitytracker.com/id?1023271 Third Party Advisory
http://www.securitytracker.com/id?1023272 Third Party Advisory
http://www.securitytracker.com/id?1023273 Third Party Advisory
http://www.securitytracker.com/id?1023274 Third Party Advisory
http://www.securitytracker.com/id?1023275 Third Party Advisory
http://www.securitytracker.com/id?1023411 Third Party Advisory
http://www.securitytracker.com/id?1023426 Third Party Advisory
http://www.securitytracker.com/id?1023427 Third Party Advisory
http://www.securitytracker.com/id?1023428 Third Party Advisory
http://www.securitytracker.com/id?1024789 Third Party Advisory
http://www.tombom.co.uk/blog/?p=85 Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-222A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-287A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0019.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html Third Party Advisory
http://www.vupen.com/english/advisories/2009/3164 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3165 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3205 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3220 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3310 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3313 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3353 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3354 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3484 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3521 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3587 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0086 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0173 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0748 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0848 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0916 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0933 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0982 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0994 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1054 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1107 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1191 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1350 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1639 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1673 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1793 Third Party Advisory
http://www.vupen.com/english/advisories/2010/2010 Third Party Advisory
http://www.vupen.com/english/advisories/2010/2745 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3069 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3086 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3126 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0032 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0033 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0086 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA50 Third Party Advisory
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 Signature
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html Third Party Advisory
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt Third Party Advisory
URL Date SRC
https://www.exploit-db.com/exploits/10071 2009-11-10
https://www.exploit-db.com/exploits/10579 2009-12-21
http://clicky.me/tlsvuln 2024-08-07
http://www.securityfocus.com/bid/36935 2024-08-07
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html 2024-08-07
URL Date SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 2023-02-13
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 2023-02-13
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 2023-02-13
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 2023-02-13
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html 2023-02-13
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html 2023-02-13
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html 2023-02-13
http://marc.info/?l=bugtraq&m=126150535619567&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=127128920008563&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=127419602507642&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=127557596201693&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=130497311408250&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=132077688910227&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=133469267822771&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=134254866602253&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=142660345230545&w=2 2023-02-13
http://openbsd.org/errata45.html#010_openssl 2023-02-13
http://openbsd.org/errata46.html#004_openssl 2023-02-13
http://security.gentoo.org/glsa/glsa-200912-01.xml 2023-02-13
http://security.gentoo.org/glsa/glsa-201203-22.xml 2023-02-13
http://security.gentoo.org/glsa/glsa-201406-32.xml 2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 2023-02-13
http://ubuntu.com/usn/usn-923-1 2023-02-13
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 2023-02-13
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 2023-02-13
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 2023-02-13
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 2023-02-13
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only 2023-02-13
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml 2023-02-13
http://www.debian.org/security/2009/dsa-1934 2023-02-13
http://www.debian.org/security/2011/dsa-2141 2023-02-13
http://www.debian.org/security/2015/dsa-3253 2023-02-13
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0119.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0130.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0155.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0165.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0167.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0337.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0338.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0339.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0768.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0770.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0786.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0807.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0865.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0986.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0987.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0880.html 2023-02-13
http://www.securityfocus.com/archive/1/522176 2023-02-13
http://www.ubuntu.com/usn/USN-1010-1 2023-02-13
http://www.ubuntu.com/usn/USN-927-1 2023-02-13
http://www.ubuntu.com/usn/USN-927-4 2023-02-13
http://www.ubuntu.com/usn/USN-927-5 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=533125 2015-08-12
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2009-3555 2015-08-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 <= 2.2.14
Search vendor "Apache" for product "Http Server" and version " <= 2.2.14"
-
Affected
Gnu
Search vendor "Gnu"
 Gnutls
Search vendor "Gnu" for product "Gnutls"
 <= 2.8.5
Search vendor "Gnu" for product "Gnutls" and version " <= 2.8.5"
-
Affected
Mozilla
Search vendor "Mozilla"
 Nss
Search vendor "Mozilla" for product "Nss"
 <= 3.12.4
Search vendor "Mozilla" for product "Nss" and version " <= 3.12.4"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 <= 0.9.8k
Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0
Search vendor "Openssl" for product "Openssl" and version "1.0"
openvms
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 11
Search vendor "Fedoraproject" for product "Fedora" and version "11"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 12
Search vendor "Fedoraproject" for product "Fedora" and version "12"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 13
Search vendor "Fedoraproject" for product "Fedora" and version "13"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 14
Search vendor "Fedoraproject" for product "Fedora" and version "14"
-
Affected
F5
Search vendor "F5"
 Nginx
Search vendor "F5" for product "Nginx"
 >= 0.1.0 <= 0.8.22
Search vendor "F5" for product "Nginx" and version " >= 0.1.0 <= 0.8.22"
-
Affected