ID CVE-2009-3555
Summary The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 03-07-2019 - 17:25)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:P
oval via4
  • accepted 2013-04-29T04:01:28.016-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:10088
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title aka the "Project Mogul" issue.
    version 25
  • accepted 2010-09-13T04:00:12.331-04:00
    class vulnerability
    contributors
    name Chandan M C
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:11578
    status accepted
    submitted 2010-08-04T16:24:18.000-05:00
    title Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
    version 33
  • accepted 2011-01-10T04:00:05.606-05:00
    class vulnerability
    contributors
    name Yamini Mohan R
    organization Hewlett-Packard
    definition_extensions
    • comment IBM AIX 5.3 is installed
      oval oval:org.mitre.oval:def:5325
    • comment IBM AIX 5.3 is installed
      oval oval:org.mitre.oval:def:5325
    • comment IBM AIX 5.2 is installed
      oval oval:org.mitre.oval:def:5189
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:11617
    status accepted
    submitted 2010-11-30T15:08:26.000-05:00
    title AIX OpenSSL session renegotiation vulnerability
    version 43
  • accepted 2014-10-06T04:04:26.964-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Richard Helbing
      organization baramundi software
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    definition_extensions
    • comment Mozilla Firefox Mainline release is installed
      oval oval:org.mitre.oval:def:22259
    • comment Mozilla Seamonkey is installed
      oval oval:org.mitre.oval:def:6372
    • comment Mozilla Thunderbird Mainline release is installed
      oval oval:org.mitre.oval:def:22093
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval oval:org.mitre.oval:def:5954
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family windows
    id oval:org.mitre.oval:def:7315
    status accepted
    submitted 2010-04-05T10:30:00.000-05:00
    title TLS/SSL Renegotiation Vulnerability
    version 97
  • accepted 2014-01-20T04:01:35.276-05:00
    class vulnerability
    contributors
    • name Varun
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:7478
    status accepted
    submitted 2010-10-04T11:07:15.000-05:00
    title VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
    version 7
  • accepted 2010-03-01T04:00:13.620-05:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:7973
    status accepted
    submitted 2010-01-19T17:52:34.000-05:00
    title Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS)
    version 31
  • accepted 2015-04-20T04:02:38.278-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:8366
    status accepted
    submitted 2010-03-23T16:01:39.000-04:00
    title HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
    version 44
  • accepted 2015-04-20T04:02:39.904-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
    family unix
    id oval:org.mitre.oval:def:8535
    status accepted
    submitted 2010-03-23T16:01:39.000-04:00
    title HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
    version 44
redhat via4
advisories
  • bugzilla
    id 533125
    title CVE-2009-3555 TLS: MITM attacks via session renegotiation
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment httpd is earlier than 0:2.0.46-77.ent
            oval oval:com.redhat.rhsa:tst:20091579002
          • comment httpd is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619003
        • AND
          • comment httpd-devel is earlier than 0:2.0.46-77.ent
            oval oval:com.redhat.rhsa:tst:20091579006
          • comment httpd-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619005
        • AND
          • comment mod_ssl is earlier than 0:2.0.46-77.ent
            oval oval:com.redhat.rhsa:tst:20091579004
          • comment mod_ssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060619009
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.3-31.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091579009
          • comment httpd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556003
        • AND
          • comment httpd-devel is earlier than 0:2.2.3-31.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091579015
          • comment httpd-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556005
        • AND
          • comment httpd-manual is earlier than 0:2.2.3-31.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091579013
          • comment httpd-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556009
        • AND
          • comment mod_ssl is earlier than 0:2.2.3-31.el5_4.2
            oval oval:com.redhat.rhsa:tst:20091579011
          • comment mod_ssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556007
    rhsa
    id RHSA-2009:1579
    released 2009-11-11
    severity Moderate
    title RHSA-2009:1579: httpd security update (Moderate)
  • bugzilla
    id 533125
    title CVE-2009-3555 TLS: MITM attacks via session renegotiation
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment httpd is earlier than 0:2.0.52-41.ent.6
          oval oval:com.redhat.rhsa:tst:20091580002
        • comment httpd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619003
      • AND
        • comment httpd-devel is earlier than 0:2.0.52-41.ent.6
          oval oval:com.redhat.rhsa:tst:20091580008
        • comment httpd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619005
      • AND
        • comment httpd-manual is earlier than 0:2.0.52-41.ent.6
          oval oval:com.redhat.rhsa:tst:20091580006
        • comment httpd-manual is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619011
      • AND
        • comment httpd-suexec is earlier than 0:2.0.52-41.ent.6
          oval oval:com.redhat.rhsa:tst:20091580010
        • comment httpd-suexec is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070534011
      • AND
        • comment mod_ssl is earlier than 0:2.0.52-41.ent.6
          oval oval:com.redhat.rhsa:tst:20091580004
        • comment mod_ssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619009
    rhsa
    id RHSA-2009:1580
    released 2009-11-11
    severity Moderate
    title RHSA-2009:1580: httpd security update (Moderate)
  • bugzilla
    id 533125
    title CVE-2009-3555 TLS: MITM attacks via session renegotiation
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment openssl is earlier than 0:0.9.7a-33.26
            oval oval:com.redhat.rhsa:tst:20100163002
          • comment openssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060695003
        • AND
          • comment openssl-devel is earlier than 0:0.9.7a-33.26
            oval oval:com.redhat.rhsa:tst:20100163006
          • comment openssl-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060695005
        • AND
          • comment openssl-perl is earlier than 0:0.9.7a-33.26
            oval oval:com.redhat.rhsa:tst:20100163004
          • comment openssl-perl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060695007
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment openssl is earlier than 0:0.9.7a-43.17.el4_8.5
            oval oval:com.redhat.rhsa:tst:20100163009
          • comment openssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060695003
        • AND
          • comment openssl-devel is earlier than 0:0.9.7a-43.17.el4_8.5
            oval oval:com.redhat.rhsa:tst:20100163011
          • comment openssl-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060695005
        • AND
          • comment openssl-perl is earlier than 0:0.9.7a-43.17.el4_8.5
            oval oval:com.redhat.rhsa:tst:20100163010
          • comment openssl-perl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060695007
    rhsa
    id RHSA-2010:0163
    released 2010-03-25
    severity Moderate
    title RHSA-2010:0163: openssl security update (Moderate)
  • bugzilla
    id 533125
    title CVE-2009-3555 TLS: MITM attacks via session renegotiation
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment openssl097a is earlier than 0:0.9.7a-9.el5_4.2
      oval oval:com.redhat.rhsa:tst:20100164002
    • comment openssl097a is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20090004017
    rhsa
    id RHSA-2010:0164
    released 2010-03-25
    severity Moderate
    title RHSA-2010:0164: openssl097a security update (Moderate)
  • bugzilla
    id 533125
    title CVE-2009-3555 TLS: MITM attacks via session renegotiation
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment nspr is earlier than 0:4.8.4-1.1.el4_8
            oval oval:com.redhat.rhsa:tst:20100165002
          • comment nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20081036009
        • AND
          • comment nspr-devel is earlier than 0:4.8.4-1.1.el4_8
            oval oval:com.redhat.rhsa:tst:20100165004
          • comment nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20081036011
        • AND
          • comment nss is earlier than 0:3.12.6-1.el4_8
            oval oval:com.redhat.rhsa:tst:20100165006
          • comment nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080978005
        • AND
          • comment nss-devel is earlier than 0:3.12.6-1.el4_8
            oval oval:com.redhat.rhsa:tst:20100165010
          • comment nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080978007
        • AND
          • comment nss-tools is earlier than 0:3.12.6-1.el4_8
            oval oval:com.redhat.rhsa:tst:20100165008
          • comment nss-tools is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090256009
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment nspr is earlier than 0:4.8.4-1.el5_4
            oval oval:com.redhat.rhsa:tst:20100165013
          • comment nspr is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925003
        • AND
          • comment nspr-devel is earlier than 0:4.8.4-1.el5_4
            oval oval:com.redhat.rhsa:tst:20100165015
          • comment nspr-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925005
        • AND
          • comment nss is earlier than 0:3.12.6-1.el5_4
            oval oval:com.redhat.rhsa:tst:20100165017
          • comment nss is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925013
        • AND
          • comment nss-devel is earlier than 0:3.12.6-1.el5_4
            oval oval:com.redhat.rhsa:tst:20100165023
          • comment nss-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925009
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.12.6-1.el5_4
            oval oval:com.redhat.rhsa:tst:20100165019
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925007
        • AND
          • comment nss-tools is earlier than 0:3.12.6-1.el5_4
            oval oval:com.redhat.rhsa:tst:20100165021
          • comment nss-tools is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20150925011
    rhsa
    id RHSA-2010:0165
    released 2010-03-25
    severity Moderate
    title RHSA-2010:0165: nss security update (Moderate)
  • bugzilla
    id 533125
    title CVE-2009-3555 TLS: MITM attacks via session renegotiation
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment gnutls is earlier than 0:1.4.1-3.el5_4.8
          oval oval:com.redhat.rhsa:tst:20100166002
        • comment gnutls is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20120319003
      • AND
        • comment gnutls-devel is earlier than 0:1.4.1-3.el5_4.8
          oval oval:com.redhat.rhsa:tst:20100166006
        • comment gnutls-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20120319005
      • AND
        • comment gnutls-utils is earlier than 0:1.4.1-3.el5_4.8
          oval oval:com.redhat.rhsa:tst:20100166004
        • comment gnutls-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20120319007
    rhsa
    id RHSA-2010:0166
    released 2010-03-25
    severity Moderate
    title RHSA-2010:0166: gnutls security update (Moderate)
  • rhsa
    id RHSA-2010:0119
  • rhsa
    id RHSA-2010:0130
  • rhsa
    id RHSA-2010:0155
  • rhsa
    id RHSA-2010:0167
  • rhsa
    id RHSA-2010:0337
  • rhsa
    id RHSA-2010:0338
  • rhsa
    id RHSA-2010:0339
  • rhsa
    id RHSA-2010:0768
  • rhsa
    id RHSA-2010:0770
  • rhsa
    id RHSA-2010:0786
  • rhsa
    id RHSA-2010:0807
  • rhsa
    id RHSA-2010:0865
  • rhsa
    id RHSA-2010:0986
  • rhsa
    id RHSA-2010:0987
  • rhsa
    id RHSA-2011:0880
rpms
  • httpd-0:2.0.46-77.ent
  • httpd-devel-0:2.0.46-77.ent
  • mod_ssl-0:2.0.46-77.ent
  • httpd-0:2.2.3-31.el5_4.2
  • httpd-devel-0:2.2.3-31.el5_4.2
  • httpd-manual-0:2.2.3-31.el5_4.2
  • mod_ssl-0:2.2.3-31.el5_4.2
  • httpd-0:2.0.52-41.ent.6
  • httpd-devel-0:2.0.52-41.ent.6
  • httpd-manual-0:2.0.52-41.ent.6
  • httpd-suexec-0:2.0.52-41.ent.6
  • mod_ssl-0:2.0.52-41.ent.6
  • openssl-0:0.9.8e-12.el5_4.6
  • openssl-devel-0:0.9.8e-12.el5_4.6
  • openssl-perl-0:0.9.8e-12.el5_4.6
  • openssl-0:0.9.7a-33.26
  • openssl-devel-0:0.9.7a-33.26
  • openssl-perl-0:0.9.7a-33.26
  • openssl-0:0.9.7a-43.17.el4_8.5
  • openssl-devel-0:0.9.7a-43.17.el4_8.5
  • openssl-perl-0:0.9.7a-43.17.el4_8.5
  • openssl097a-0:0.9.7a-9.el5_4.2
  • nspr-0:4.8.4-1.1.el4_8
  • nspr-devel-0:4.8.4-1.1.el4_8
  • nss-0:3.12.6-1.el4_8
  • nss-devel-0:3.12.6-1.el4_8
  • nss-tools-0:3.12.6-1.el4_8
  • nspr-0:4.8.4-1.el5_4
  • nspr-devel-0:4.8.4-1.el5_4
  • nss-0:3.12.6-1.el5_4
  • nss-devel-0:3.12.6-1.el5_4
  • nss-pkcs11-devel-0:3.12.6-1.el5_4
  • nss-tools-0:3.12.6-1.el5_4
  • gnutls-0:1.4.1-3.el5_4.8
  • gnutls-devel-0:1.4.1-3.el5_4.8
  • gnutls-utils-0:1.4.1-3.el5_4.8
  • gnutls-0:1.0.20-4.el4_8.7
  • gnutls-devel-0:1.0.20-4.el4_8.7
  • java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.31.b17.el6_0
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.31.b17.el6_0
refmap via4
aixapar
  • IC67848
  • IC68054
  • IC68055
  • PM00675
  • PM12247
apple
  • APPLE-SA-2010-01-19-1
  • APPLE-SA-2010-05-18-1
  • APPLE-SA-2010-05-18-2
bid 36935
bugtraq
  • 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
  • 20091124 rPSA-2009-0155-1 httpd mod_ssl
  • 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
  • 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
  • 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
cert
  • TA10-222A
  • TA10-287A
cert-vn VU#120541
cisco 20091109 Transport Layer Security Renegotiation Vulnerability
confirm
debian
  • DSA-1934
  • DSA-2141
  • DSA-3253
fedora
  • FEDORA-2009-12229
  • FEDORA-2009-12305
  • FEDORA-2009-12604
  • FEDORA-2009-12606
  • FEDORA-2009-12750
  • FEDORA-2009-12775
  • FEDORA-2009-12782
  • FEDORA-2009-12968
  • FEDORA-2010-16240
  • FEDORA-2010-16294
  • FEDORA-2010-16312
  • FEDORA-2010-5357
  • FEDORA-2010-5942
  • FEDORA-2010-6131
fulldisc 20091111 Re: SSL/TLS MiTM PoC
gentoo
  • GLSA-200912-01
  • GLSA-201203-22
  • GLSA-201406-32
hp
  • HPSBGN02562
  • HPSBHF02706
  • HPSBHF03293
  • HPSBMA02534
  • HPSBMA02547
  • HPSBMA02568
  • HPSBMU02759
  • HPSBMU02799
  • HPSBOV02683
  • HPSBOV02762
  • HPSBUX02482
  • HPSBUX02498
  • HPSBUX02517
  • HPSBUX02524
  • SSRT090180
  • SSRT090208
  • SSRT090249
  • SSRT090264
  • SSRT100058
  • SSRT100089
  • SSRT100179
  • SSRT100219
  • SSRT100613
  • SSRT100817
  • SSRT100825
  • SSRT101846
mandriva
  • MDVSA-2010:076
  • MDVSA-2010:084
  • MDVSA-2010:089
misc
mlist
  • [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
  • [cryptography] 20091105 OpenSSL 0.9.8l released
  • [gnutls-devel] 20091105 Re: TLS renegotiation MITM
  • [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
  • [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
  • [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
  • [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
  • [oss-security] 20091120 CVEs for nginx
  • [oss-security] 20091123 Re: CVEs for nginx
  • [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
  • [tls] 20091104 TLS renegotiation issue
  • [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
ms MS10-049
openbsd
  • [4.5] 010: SECURITY FIX: November 26, 2009
  • [4.6] 004: SECURITY FIX: November 26, 2009
osvdb
  • 60521
  • 60972
  • 62210
  • 65202
sectrack
  • 1023148
  • 1023163
  • 1023204
  • 1023205
  • 1023206
  • 1023207
  • 1023208
  • 1023209
  • 1023210
  • 1023211
  • 1023212
  • 1023213
  • 1023214
  • 1023215
  • 1023216
  • 1023217
  • 1023218
  • 1023219
  • 1023224
  • 1023243
  • 1023270
  • 1023271
  • 1023272
  • 1023273
  • 1023274
  • 1023275
  • 1023411
  • 1023426
  • 1023427
  • 1023428
  • 1024789
secunia
  • 37291
  • 37292
  • 37320
  • 37383
  • 37399
  • 37453
  • 37501
  • 37504
  • 37604
  • 37640
  • 37656
  • 37675
  • 37859
  • 38003
  • 38020
  • 38056
  • 38241
  • 38484
  • 38687
  • 38781
  • 39127
  • 39136
  • 39242
  • 39243
  • 39278
  • 39292
  • 39317
  • 39461
  • 39500
  • 39628
  • 39632
  • 39713
  • 39819
  • 40070
  • 40545
  • 40747
  • 40866
  • 41480
  • 41490
  • 41818
  • 41967
  • 41972
  • 42377
  • 42379
  • 42467
  • 42724
  • 42733
  • 42808
  • 42811
  • 42816
  • 43308
  • 44183
  • 44954
  • 48577
slackware SSA:2009-320-01
sunalert
  • 1021653
  • 1021752
  • 273029
  • 273350
  • 274990
suse
  • SUSE-SA:2009:057
  • SUSE-SA:2010:061
  • SUSE-SR:2010:008
  • SUSE-SR:2010:011
  • SUSE-SR:2010:012
  • SUSE-SR:2010:013
  • SUSE-SR:2010:019
  • SUSE-SR:2010:024
  • SUSE-SU-2011:0847
  • openSUSE-SU-2011:0845
ubuntu
  • USN-1010-1
  • USN-923-1
  • USN-927-1
  • USN-927-4
  • USN-927-5
vupen
  • ADV-2009-3164
  • ADV-2009-3165
  • ADV-2009-3205
  • ADV-2009-3220
  • ADV-2009-3310
  • ADV-2009-3313
  • ADV-2009-3353
  • ADV-2009-3354
  • ADV-2009-3484
  • ADV-2009-3521
  • ADV-2009-3587
  • ADV-2010-0086
  • ADV-2010-0173
  • ADV-2010-0748
  • ADV-2010-0848
  • ADV-2010-0916
  • ADV-2010-0933
  • ADV-2010-0982
  • ADV-2010-0994
  • ADV-2010-1054
  • ADV-2010-1107
  • ADV-2010-1191
  • ADV-2010-1350
  • ADV-2010-1639
  • ADV-2010-1673
  • ADV-2010-1793
  • ADV-2010-2010
  • ADV-2010-2745
  • ADV-2010-3069
  • ADV-2010-3086
  • ADV-2010-3126
  • ADV-2011-0032
  • ADV-2011-0033
  • ADV-2011-0086
xf tls-renegotiation-weak-security(54158)
statements via4
contributor Tomas Hoger
lastmodified 2009-11-20
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491
Last major update 03-07-2019 - 17:25
Published 09-11-2009 - 17:30
Back to Top