CVE-2009-3555

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-3555
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-3555.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-3555
Aliases
Related
Published
2009-11-09T17:30:00Z
Modified
2024-09-11T03:15:17.623278Z
Summary
[none]
Details

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

Affected packages

Debian:11 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.14-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.14-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.14-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.64-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.64-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.64-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.8k-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.8k-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.8k-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / pound

Package

Name
pound
Purl
pkg:deb/debian/pound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6-6.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pound

Package

Name
pound
Purl
pkg:deb/debian/pound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6-6.1

Affected versions

1.*

1.7-1
1.8.2-1
1.8.2-1sarge1
1.8.2-1.1
1.9-1
1.9.3-1
1.9.4-1

2.*

2.0-1
2.0-1.1
2.0-1.2
2.2.7-1
2.2.7-2
2.4-1
2.4-2
2.4.2-1
2.4.3-1
2.4.5-1
2.4.5-2
2.4.5-3
2.5-1
2.5-1.1
2.6-1
2.6-2
2.6-3
2.6-4
2.6-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / tomcat-native

Package

Name
tomcat-native
Purl
pkg:deb/debian/tomcat-native?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tomcat-native

Package

Name
tomcat-native
Purl
pkg:deb/debian/tomcat-native?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat-native

Package

Name
tomcat-native
Purl
pkg:deb/debian/tomcat-native?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}