Russian Vulnerability Scanner Database

Back to List

CVE-2009-3555

Scores

EPSS

0.023very_low2.3%
0%20%40%60%80%100%

Percentile: 2.3%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a “plaintext injection” attack, aka the “Project Mogul” issue.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-295CWE-300

Related Vulnerabilities

BDU:2015-04270BDU:2015-04271BDU:2015-04272BDU:2015-05174BDU:2015-05175BDU:2015-05263BDU:2015-05264BDU:2015-05265BDU:2015-05266BDU:2015-05267BDU:2015-05268BDU:2015-05269BDU:2015-05270BDU:2015-05271BDU:2015-05272BDU:2015-05273BDU:2015-05274BDU:2015-05275BDU:2015-05276BDU:2015-05277BDU:2015-05278BDU:2015-05279BDU:2015-05280BDU:2015-06203BDU:2015-06204BDU:2015-07481BDU:2015-08549BDU:2015-09404BDU:2015-09417BDU:2015-09647BDU:2015-09682BDU:2015-09905

Exploits

Exploit ID: 10071

Source: exploitdb

URL: https://www.exploit-db.com/exploits/10071

Exploit ID: 10579

Source: exploitdb

URL: https://www.exploit-db.com/exploits/10579

Exploit ID: 12334

Source: exploitdb

URL: https://www.exploit-db.com/exploits/12334

Exploit ID: 24487

Source: exploitdb

URL: https://www.exploit-db.com/exploits/24487

Exploit ID: 28726

Source: exploitdb

URL: https://www.exploit-db.com/exploits/28726

Exploit ID: 34427

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34427

Exploit ID: 4773

Source: exploitdb

URL: https://www.exploit-db.com/exploits/4773

Exploit ID: 8720

Source: exploitdb

URL: https://www.exploit-db.com/exploits/8720

Exploit ID: CVE-2009-3555

Source: github-poc

URL: https://github.com/johnwchadwick/cve-2009-3555-test-server

Exploit ID: CVE-2014-3570

Source: github-poc

URL: https://github.com/uthrasri/CVE-2014-3570_G2.5_openssl_no_patch

Exploit ID: CVE-2014-8275

Source: github-poc

URL: https://github.com/uthrasri/CVE-2014-8275_openssl_g2.5

Exploit ID: CVE-2015-0204

Source: github-poc

URL: https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script

Exploit ID: CVE-2015-0205

Source: github-poc

URL: https://github.com/saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205

Vulnerable Software (758)

Type: Configuration

Product: aether

Operating System: rhel

Trait: 
{  "fixed": "1.13.1-13.el7"}

Source: redhat

Type: Configuration

Product: aether

Operating System: rhel

Trait: 
{  "fixed": "1.13.1-13.el7"}

Source: redhat

Type: Configuration

Product: ant

Operating System: rhel

Trait: 
{  "fixed": "1.9.2-9.el7"}

Source: redhat

Type: Configuration

Product: ant

Operating System: rhel

Trait: 
{  "fixed": "1.9.2-9.el7"}

Source: redhat

Type: Configuration

Product: aopalliance

Operating System: rhel

Trait: 
{  "fixed": "1.0-8.el7"}

Source: redhat

Type: Configuration

Product: aopalliance

Operating System: rhel

Trait: 
{  "fixed": "1.0-8.el7"}

Source: redhat

Type: Configuration

Product: apache-commons-codec-eap6

Operating System: rhel

Trait: 
{  "fixed": "1.4-16.redhat_3.1.ep6.el7"}

Source: redhat

Type: Configuration

Product: apache-commons-codec-eap6

Operating System: rhel

Trait: 
{  "fixed": "1.4-16.redhat_3.1.ep6.el7"}

Source: redhat

Type: Configuration

Product: apache-commons-net

Operating System: rhel

Trait: 
{  "fixed": "3.2-8.el7"}

Source: redhat

Type: Configuration

Product: apache-commons-net

Operating System: rhel

Trait: 
{  "fixed": "3.2-8.el7"}

Source: redhat

Type: Configuration

Product: apache-ivy

Operating System: rhel

Trait: 
{  "fixed": "2.3.0-4.el7"}

Source: redhat

Type: Configuration

Product: apache-ivy

Operating System: rhel

Trait: 
{  "fixed": "2.3.0-4.el7"}

Source: redhat

Type: Configuration

Product: apache-mime4j

Operating System: rhel

Trait: 
{  "fixed": "0.6-10.redhat_3.1.ep6.el7"}

Source: redhat

Type: Configuration

Product: apache-mime4j

Operating System: rhel

Trait: 
{  "fixed": "0.6-10.redhat_3.1.ep6.el7"}

Source: redhat

Type: Configuration

Product: apache-parent

Operating System: rhel

Trait: 
{  "fixed": "10-14.el7"}

Source: redhat

Type: Configuration

Product: apache-parent

Operating System: rhel

Trait: 
{  "fixed": "10-14.el7"}

Source: redhat

Type: Configuration

Product: apache-resource-bundles

Operating System: rhel

Trait: 
{  "fixed": "2-11.el7"}

Source: redhat

Type: Configuration

Product: apache-resource-bundles

Operating System: rhel

Trait: 
{  "fixed": "2-11.el7"}

Source: redhat

Type: Configuration

Product: apache2

Operating System: ubuntu hardy 8.04

Trait: 
{  "fixed": "2.2.8-1ubuntu0.14"}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: debian

Trait: 
{  "fixed": "2.2.14-2"}

Source: debian