CVE-2009-3555

Published: 09/11/2009 Updated: 13/02/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 593
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Services (NSS) 3.12.4 and previous versions, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle malicious users to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
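The fix for this issue is the RFC 5746 renegotiation indication extension that the vendor advisories below refer to. As an added illustration that is not part of this record, the following Python parses constructed ClientHello and ServerHello messages and reports whether each side signals secure renegotiation: a ServerHello without the renegotiation_info extension is what an unpatched peer sends, and a ClientHello that carries neither the TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite nor the extension gives the server no way to tell a patched client from a legacy one. The message builders and sample bytes are constructed here for demonstration, not taken from any vendor's code.

```python
"""Detect RFC 5746 secure-renegotiation signalling in TLS hello messages.

Added example (not part of the CVE record): a server that omits the
renegotiation_info extension behaves like an unpatched CVE-2009-3555
peer. Sample messages are constructed inline; there is no network I/O.
"""
import struct

HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
RENEGOTIATION_INFO = 0xFF01              # extension type, RFC 5746 section 3.2
EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF   # signalling cipher suite, RFC 5746 section 3.3


def _u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]


def _handshake_body(record, expected_type):
    """Strip the 5-byte record header and the 4-byte handshake header."""
    if len(record) < 9 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != expected_type:
        raise ValueError("unexpected handshake type 0x%02x" % hs[0])
    return hs[4:4 + int.from_bytes(hs[1:4], "big")]


def _parse_extensions(body, off):
    """Return {ext_type: ext_data}; an absent extensions block yields {}."""
    exts = {}
    if off >= len(body):          # legacy peer: no extensions block at all
        return exts
    end = off + 2 + _u16(body, off)
    off += 2
    while off + 4 <= end:
        ext_type, ext_len = _u16(body, off), _u16(body, off + 2)
        exts[ext_type] = body[off + 4:off + 4 + ext_len]
        off += 4 + ext_len
    return exts


def server_hello_secure_renegotiation(record):
    """Return (supported, renegotiated_connection) for a ServerHello.

    supported is False when renegotiation_info is absent; on an initial
    handshake a patched server sends the extension with empty data."""
    body = _handshake_body(record, SERVER_HELLO)
    off = 2 + 32                              # version + random
    off += 1 + body[off]                      # session_id
    off += 2 + 1                              # cipher_suite + compression
    data = _parse_extensions(body, off).get(RENEGOTIATION_INFO)
    if data is None:
        return False, None
    return True, bytes(data[1:1 + data[0]])


def client_hello_signals_secure_renegotiation(record):
    """True if the ClientHello carries the SCSV or the renegotiation_info extension."""
    body = _handshake_body(record, CLIENT_HELLO)
    off = 2 + 32                              # version + random
    off += 1 + body[off]                      # session_id
    cs_len = _u16(body, off)
    off += 2
    suites = {_u16(body, i) for i in range(off, off + cs_len, 2)}
    off += cs_len
    off += 1 + body[off]                      # compression_methods
    exts = _parse_extensions(body, off)
    return EMPTY_RENEGOTIATION_INFO_SCSV in suites or RENEGOTIATION_INFO in exts


def _record(hs_type, body):
    """Wrap a handshake body in handshake and TLS 1.2 record headers."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x03]) + struct.pack("!H", len(hs)) + hs


def build_server_hello(with_reneg_info, verify_data=b""):
    """Constructed sample ServerHello (empty session id, one cipher suite)."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00" + b"\xc0\x2f" + b"\x00"
    if with_reneg_info:
        data = bytes([len(verify_data)]) + verify_data
        ext = struct.pack("!HH", RENEGOTIATION_INFO, len(data)) + data
        body += struct.pack("!H", len(ext)) + ext
    return _record(SERVER_HELLO, body)


def build_client_hello(with_scsv):
    """Constructed sample ClientHello offering one real suite, plus the SCSV if asked."""
    suites = [0xC02F] + ([EMPTY_RENEGOTIATION_INFO_SCSV] if with_scsv else [])
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = b"\x03\x03" + b"\x22" * 32 + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    return _record(CLIENT_HELLO, body)


if __name__ == "__main__":
    for patched in (False, True):
        print("server patched=%s -> %s" % (patched, server_hello_secure_renegotiation(build_server_hello(patched))))
    for scsv in (False, True):
        print("client scsv=%s -> %s" % (scsv, client_hello_signals_secure_renegotiation(build_client_hello(scsv))))
```

The same checks apply to a ServerHello captured from a real handshake, since only the record bytes are inspected; a peer that returns (False, None) has not implemented RFC 5746.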

Vulnerable Products

openssl openssl 1.0

apache http server

openssl openssl

gnu gnutls

mozilla nss

debian debian linux 5.0

canonical ubuntu linux 10.10

fedoraproject fedora 11

fedoraproject fedora 13

debian debian linux 4.0

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 9.04

debian debian linux 6.0

fedoraproject fedora 12

canonical ubuntu linux 8.04

canonical ubuntu linux 10.04

canonical ubuntu linux 8.10

canonical ubuntu linux 9.10

fedoraproject fedora 14

f5 nginx

Vendor Advisories

Debian Bug report logs - #533661 "slowloris" denial-of-service vulnerability Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2 (PTS, buildd, popcon) Reported by: Michael S Gilbert <michaelsgilbert@gmail.com> Date: Fri, 19 Jun 20 ...
Debian Bug report logs - #765539 Not possible to disable SSLv3 Package: pound; Maintainer for pound is Carsten Leonhardt <leo@debian.org>; Source for pound is src:pound (PTS, buildd, popcon) Reported by: Brian May <brian@microcomaustralia.com.au> Date: Thu, 16 Oct 2014 01:09:02 UTC Severity: important Tags: security ...
Debian Bug report logs - #719954 polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Henri Salo <henri@nerv.fi> Date: Sat, 17 Aug 2013 07:42:01 UTC Severity: important Tags: fixed-upstream, ...
Debian Bug report logs - #704946 polarssl: CVE-2009-3555 Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Mon, 8 Apr 2013 02:39:02 UTC Severity: important Tags: security Fixed in version polarssl/131-1 Done: Roland Stigge < ...
Debian Bug report logs - #725359 polarssl: CVE-2013-5914 CVE-2013-5915 Package: polarssl; Maintainer for polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Fri, 4 Oct 2013 14:15:10 UTC Severity: grave Tags: pending, security Found in version 128-2 Fixed in version ...
Synopsis Critical: java-1.6.0-sun security update Type/Severity Security Advisory: Critical Topic Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having ...
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Topic Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabi ...
Synopsis Important: java-1.6.0-openjdk security and bug fix update Type/Severity Security Advisory: Important Topic Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as ha ...
Synopsis Critical: java-1.4.2-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Ha ...
Synopsis Moderate: httpd and httpd22 security update Type/Severity Security Advisory: Moderate Topic Updated httpd and httpd22 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate s ...
Synopsis Critical: java-1.6.0-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the R ...
Synopsis Critical: java-1.6.0-sun security update Type/Severity Security Advisory: Critical Topic Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having cri ...
Synopsis Moderate: nss security update Type/Severity Security Advisory: Moderate Topic Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scori ...
Synopsis Low: JBoss Enterprise Web Server 1.0.1 update Type/Severity Security Advisory: Low Topic JBoss Enterprise Web Server 1.0.1 is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Description ...
Synopsis Moderate: gnutls security update Type/Severity Security Advisory: Moderate Topic Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scor ...
Synopsis Moderate: openssl097a security update Type/Severity Security Advisory: Moderate Topic Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabi ...
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulner ...
Synopsis Moderate: java-1.4.2-ibm security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplem ...
Synopsis Critical: java-1.5.0-sun security update Type/Severity Security Advisory: Critical Topic The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras and 5 Supplementary contain security flaws and should not be used. The Red Hat Security Response Team has rated this update as having cr ...
Synopsis Moderate: java-1.5.0-ibm security update Type/Severity Security Advisory: Moderate Topic Updated java-1.5.0-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat S ...
Synopsis Moderate: gnutls security update Type/Severity Security Advisory: Moderate Topic Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scor ...
Synopsis Important: java-1.6.0-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security im ...
Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle ...
DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: DSA 2141-1 (openssl), DSA 2141-2 (nss), DSA 2141-3 (apache2), and DSA 2141-4 (lighttpd). This page only covers the first part, openssl. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacke ...
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update ...
Pound, an HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session (CVE-2009-3555). ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the serve ...
Under certain conditions, an attacker could execute commands in web applications using your authenticated credentials ...
Under certain conditions, an attacker could execute commands in web applications using your authenticated credentials ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and potentially affects any software that supports this feat ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiati ...
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it ...
USN-860-1 introduced a partial workaround to Apache that disabled client-initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. ...
Mozilla Foundation Security Advisory 2010-22 Update NSS to support TLS renegotiation indication. Announced March 30, 2010. Reporter Mozilla developers and community. Impact Low. Products Firefox, SeaMonkey, Thunderbird. Fixe ...
Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. The vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker co ...
An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at toolscisc ...

Exploits

This is a proof-of-concept exploit demonstrating the TLS renegotiation vulnerability ...
source: www.securityfocus.com/bid/35888/info Mozilla Network Security Services (NSS) is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. The NSS library is used by a number of applications, ...
#!/usr/bin/env python # RedTeam Pentesting GmbH # kontakt@redteam-pentesting.de # www.redteam-pentesting.de # PoC exploit for the TLS renegotiation vulnerability ...

Github Repositories

Deep dive in DataPower TLS configuration

DataPower TLS Configuration for certificates validation with a SSL Client Profile This small article is a go at explaining some of the possible configurations and the benefits of each configuration The goal is to demonstrate the behavior of the various configurations In fact, we are concentrating on the following parameters of a SSL Client Profile in the red boxes below: Thi

eGov España - open API for access to public data

eGov España - API for access to public data. Do you burst out laughing when you hear talk of digital transformation? Do you no longer believe promises of open data? Do you think it is shameful to squander public money on "little portals"? You are in the right place. The plan is to build decent APIs that query sources d

Make Faraday speak Japanese

hanase Speak Japanese! / 日本語で話せ! A simple tool to make Faraday Status Report (Vulnerabilities name, description, severity, references, etc) in Japanese The trick is actually on getting CVE numbers of each vulnerability, in Japan we have a public CVE DB (in Japanese of course) where we can lookup for CVE's, called JVN iPedia Also, will add the JVN CVE's f

Renew your let's encrypt certificates monthly, using lighttpd as webserver.

Let's Encrypt renewal for Lighttpd This script automates the renewal process for certificates issued by Let's Encrypt Setup Let's Encrypt on Lighttpd (for the first time) Long story short, run as root: certbot certonly --manual Follow the steps required for every domain (and subdomain) and then for every domain do: cd /etc

Pulse Secure VPN mitm Research - CVE-2020-8241, CVE-2020-8239

pulse-secure-vpn-mitm-research Pulse Secure mitm research Release date Joint release date with vendor: 26 Oct 2020 Author David Kierznowski, @withdk Credits Sahil Mahajan from the Pulse Secure PSIRT Team for support throughout the disclosure process Alyssa Herrera, Justin Wagner, and Mimir, and Rich Warren for their write-up, "Red Teamer’s Guide to Pulse Secure SSL

Using the iGrill as a control unit for a DIY smoker

Starting with Raspberry Pi Stretch 🔴 Note: You are 100% responsible for ensuring safe food practices are followed 🔴 Check and modify temperatures as appropriate Table of Contents Problem Statement Design Equipment Requirements Installation Software Setup Using iGrill Mini Grill Setup Running Lighttpd Setup Project Notes iGrill Smoker Board Rev *A *A Board *A N

A TLS server using a vendored fork of the Go TLS stack that has the renegotiation indication extension forcibly disabled.

What is this? This is a TLS server using a vendored fork of the Go TLS stack that has the renegotiation indication extension forcibly disabled, which will trigger CVE-2009-3555 mitigations in OpenSSL 3.0+ Note that it isn't truly vulnerable to CVE-2009-3555 because the Go TLS stack doesn't allow renegotiations at all The function of this program is to act as a test serve

CVE assignment documentation

CVE-HOWTO CVE assignment documentation - this document replaces people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html Please note that this document pertains to CVE's for issues found in Open Source programs, not closed source programs, if you need a CVE for a closed source program I suggest you go to MITRE directly Copyright: Red Hat 2016 Author: Kurt Seifr

Tools for Web Learning of Tsinghua University.

Thu Learn 2018 Tools for Web Learning of Tsinghua University 20231128 Fix UNSAFE_LEGACY_RENEGOTIATION_DISABLED error It has been confirmed on some Linux distros that the deprecation of legacy unsafe renegotiation in OpenSSL causes UNSAFE_LEGACY_RENEGOTIATION_DISABLED error By referring to stackoverflow.com/questions/71603314/ssl-error-unsafe-legacy-renegotiation-di

References

CWE-295