CVE-2009-3555

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-3555

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-3555.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-3555

Aliases

GHSA-f7w7-6pjc-wwm6

Related

Published

2009-11-09T17:30:00Z

Modified

2024-09-18T02:03:44.725751Z

Summary

[none]

Details

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

Affected packages

Debian:11 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.14-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.14-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.14-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.64-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.64-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nginx

Package

Name: nginx
Purl: pkg:deb/debian/nginx?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.64-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / nss

Package

Name: nss
Purl: pkg:deb/debian/nss?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nss

Package

Name: nss
Purl: pkg:deb/debian/nss?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nss

Package

Name: nss
Purl: pkg:deb/debian/nss?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.8k-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.8k-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.8k-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / pound

Package

Name: pound
Purl: pkg:deb/debian/pound?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6-6.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pound

Package

Name: pound
Purl: pkg:deb/debian/pound?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6-6.1

Affected versions

1.*

1.7-1

1.8.2-1

1.8.2-1sarge1

1.8.2-1.1

1.9-1

1.9.3-1

1.9.4-1

2.*

2.0-1

2.0-1.1

2.0-1.2

2.2.7-1

2.2.7-2

2.4-1

2.4-2

2.4.2-1

2.4.3-1

2.4.5-1

2.4.5-2

2.4.5-3

2.5-1

2.5-1.1

2.6-1

2.6-2

2.6-3

2.6-4

2.6-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / tomcat-native

Package

Name: tomcat-native
Purl: pkg:deb/debian/tomcat-native?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tomcat-native

Package

Name: tomcat-native
Purl: pkg:deb/debian/tomcat-native?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat-native

Package

Name: tomcat-native
Purl: pkg:deb/debian/tomcat-native?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}