CVE-2009-3555


Severity : Medium
Published : 2009-11-09
Modified : 2014-10-04
Base Score : 5.8
Details : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Product/Version : Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Pro 5.0  
Mobilinux 5.0.24  
MVL 5 Atom  
CGE 5.x  
Mobilinux 5.x  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Mobilinux 5.0.24  
MVL 5 Atom  
Carrier Grade CGE 6.0  
CGE 5.x  
Mobilinux 5.x  
Pro 5.0  
Mobilinux 5.0.24  
MVL 5 Atom  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
 
 
 


CVE Vulnerabilities List CVE-2009
CVE-2009-5064CVE-2009-5029CVE-2009-4895CVE-2009-4881
CVE-2009-4880CVE-2009-4537CVE-2009-4410CVE-2009-4377
CVE-2009-4355CVE-2009-4308CVE-2009-4307CVE-2009-4272
CVE-2009-4141CVE-2009-4135CVE-2009-4134CVE-2009-4131
CVE-2009-4029CVE-2009-4022CVE-2009-4021CVE-2009-4020
CVE-2009-4017CVE-2009-4005CVE-2009-3889CVE-2009-3767
CVE-2009-3736CVE-2009-3726CVE-2009-3720CVE-2009-3639
CVE-2009-3621CVE-2009-3620CVE-2009-3612CVE-2009-3563
CVE-2009-3560CVE-2009-3559CVE-2009-3558CVE-2009-3557
CVE-2009-3555CVE-2009-3550CVE-2009-3547CVE-2009-3490
CVE-2009-3245CVE-2009-3238CVE-2009-3230CVE-2009-3228
CVE-2009-3095CVE-2009-3094CVE-2009-3080CVE-2009-3002
CVE-2009-3001CVE-2009-2910CVE-2009-2909CVE-2009-2908
CVE-2009-2903CVE-2009-2849CVE-2009-2848CVE-2009-2847
CVE-2009-2730CVE-2009-2563CVE-2009-2562CVE-2009-2560
CVE-2009-2417CVE-2009-2412CVE-2009-2409CVE-2009-2042
CVE-2009-1961CVE-2009-1895CVE-2009-1891CVE-2009-1890
CVE-2009-1632CVE-2009-1630CVE-2009-1574CVE-2009-1417
CVE-2009-1389CVE-2009-1387CVE-2009-1386CVE-2009-1378
CVE-2009-1377CVE-2009-1337CVE-2009-1297CVE-2009-1269
CVE-2009-1268CVE-2009-1267CVE-2009-1265CVE-2009-1252
CVE-2009-1210CVE-2009-1196CVE-2009-1195CVE-2009-1194
CVE-2009-1192CVE-2009-0949CVE-2009-0887CVE-2009-0859
CVE-2009-0835CVE-2009-0834CVE-2009-0798CVE-2009-0791
CVE-2009-0778CVE-2009-0316CVE-2009-0217CVE-2009-0163
CVE-2009-0159CVE-2009-0028CVE-2009-0021