[VU:120541] SSL and TLS protocols renegotiation vulnerability
Severity
Medium
CVEs
1
Overview
A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.
Impact
A remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow an attacker to issue HTTP requests or take action impersonating the user, among other consequences.
Solution
Users should contact vendors for specific patch information.
Acknowledgements
Thanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.
- ID: VU:120541
- Severity: medium
- Severity from: CVE-2009-3555
- URL: https://kb.cert.org/vuls/id/120541
- Published: 2009-11-11T19:42:20
- Modified: 2011-07-22T12:47:20
- Rights: Copyright 2009, CERT Coordination Center (CERT/CC)
Other Advisories
- CISCO-SA-20091105-CVE-2009-3555
- CISCO-SA-20091109-TLS
- DSA-3253-1
- ELSA-2009-1579
- ELSA-2010-0162
- ELSA-2010-0164
- ELSA-2010-0165
- ELSA-2010-0166
- ELSA-2010-0339
- ELSA-2010-0768
- FEDORA-2009-12229
- FEDORA-2009-12305
- FEDORA-2009-12604
- FEDORA-2009-12606
- FEDORA-2009-12747
- FEDORA-2009-12750
- FEDORA-2009-12775
- FEDORA-2009-12782
- FEDORA-2009-12968
- FEDORA-2009-13236
- FEDORA-2009-13250
- FEDORA-2010-1127
- FEDORA-2010-15989
- FEDORA-2010-16240
- FEDORA-2010-16294
- FEDORA-2010-16312
- FEDORA-2010-17220
- FEDORA-2010-17826
- FEDORA-2010-3905
- FEDORA-2010-3929
- FEDORA-2010-3956
- FEDORA-2010-5357
- FEDORA-2010-5942
- FEDORA-2010-6025
- FEDORA-2010-6039
- FEDORA-2010-6055
- FEDORA-2010-6131
- FEDORA-2010-6279
- FEDORA-2010-8742
- FEDORA-2010-9421
- FEDORA-2010-9487
- FEDORA-2010-9518
- FEDORA-2010-9639
- FREEBSD:9CCFEE39-3C3B-11DF-9EDC-000F20797EDE
- GLSA-200912-01
- GLSA-201006-18
- GLSA-201110-05
- GLSA-201203-22
- GLSA-201206-18
- GLSA-201301-01
- GLSA-201309-15
- GLSA-201311-13
- GLSA-201406-32
- MAVEN:GHSA-F7W7-6PJC-WWM6
- NGINX:CVE-2009-3555
- RHSA-2010:0865
- RHSA-2010:0987
- SECADV-20091105-1
- SSA:2009-320-01
- SSA:2010-067-01
- USN-1010-1
- USN-860-1
- USN-923-1
- USN-927-1
- USN-927-4
- USN-927-6
- USN-990-1
- USN-990-2