U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NOTICE

NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.

CVE-2009-3555 Detail

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.


Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score:  N/A
NVD score not yet provided.


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have not published a CVSS score for this CVE at this time. NVD Analysts use publicly available information at the time of analysis to associate CVSS vector strings.

Vendor Statements (disclaimer)

Official Statement from Red Hat (11/20/2009)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html Broken Link 
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html Third Party Advisory 
http://blogs.iss.net/archive/sslmitmiscsrf.html Broken Link 
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during Third Party Advisory 
http://clicky.me/tlsvuln Exploit  Third Party Advisory 
http://extendedsubset.com/?p=8 Broken Link 
http://extendedsubset.com/Renegotiating_TLS.pdf Broken Link 
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 Broken Link 
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 Broken Link 
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link 
http://kbase.redhat.com/faq/docs/DOC-20491 Third Party Advisory 
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html Mailing List  Third Party Advisory 
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html Mailing List  Third Party Advisory 
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html Mailing List  Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html Third Party Advisory 
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html Third Party Advisory 
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=126150535619567&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=127128920008563&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=127419602507642&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=130497311408250&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=132077688910227&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=133469267822771&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142660345230545&w=2 Third Party Advisory 
http://marc.info/?l=cryptography&m=125752275331877&w=2 Third Party Advisory 
http://openbsd.org/errata45.html#010_openssl Third Party Advisory 
http://openbsd.org/errata46.html#004_openssl Third Party Advisory 
http://seclists.org/fulldisclosure/2009/Nov/139 Mailing List  Third Party Advisory 
http://security.gentoo.org/glsa/glsa-200912-01.xml Third Party Advisory 
http://security.gentoo.org/glsa/glsa-201203-22.xml Third Party Advisory 
http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory 
http://securitytracker.com/id?1023148 Third Party Advisory  VDB Entry 
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 Third Party Advisory 
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 Broken Link 
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 Broken Link 
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 Broken Link 
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 Broken Link 
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 Broken Link 
http://support.apple.com/kb/HT4004 Third Party Advisory 
http://support.apple.com/kb/HT4170 Third Party Advisory 
http://support.apple.com/kb/HT4171 Third Party Advisory 
http://support.avaya.com/css/P8/documents/100070150 Third Party Advisory 
http://support.avaya.com/css/P8/documents/100081611 Third Party Advisory 
http://support.avaya.com/css/P8/documents/100114315 Third Party Advisory 
http://support.avaya.com/css/P8/documents/100114327 Third Party Advisory 
http://support.citrix.com/article/CTX123359 Third Party Advisory 
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES Broken Link 
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released Broken Link 
http://sysoev.ru/nginx/patch.cve-2009-3555.txt Broken Link 
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html Broken Link 
http://ubuntu.com/usn/usn-923-1 Third Party Advisory 
http://wiki.rpath.com/Advisories:rPSA-2009-0155 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 Third Party Advisory 
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only Third Party Advisory 
http://www.arubanetworks.com/support/alerts/aid-020810.txt Broken Link 
http://www.betanews.com/article/1257452450 Third Party Advisory 
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml Third Party Advisory 
http://www.debian.org/security/2009/dsa-1934 Third Party Advisory 
http://www.debian.org/security/2011/dsa-2141 Third Party Advisory 
http://www.debian.org/security/2015/dsa-3253 Third Party Advisory 
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html Third Party Advisory 
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html Third Party Advisory 
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html Third Party Advisory 
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html Third Party Advisory 
http://www.ingate.com/Relnote.php?ver=481 Third Party Advisory 
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 Third Party Advisory 
http://www.kb.cert.org/vuls/id/120541 Third Party Advisory  US Government Resource 
http://www.links.org/?p=780 Third Party Advisory 
http://www.links.org/?p=786 Third Party Advisory 
http://www.links.org/?p=789 Third Party Advisory 
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 Broken Link 
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 Broken Link 
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 Broken Link 
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html Third Party Advisory 
http://www.openoffice.org/security/cves/CVE-2009-3555.html Third Party Advisory 
http://www.openssl.org/news/secadv_20091111.txt Third Party Advisory 
http://www.openwall.com/lists/oss-security/2009/11/05/3 Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2009/11/05/5 Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2009/11/06/3 Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2009/11/07/3 Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2009/11/20/1 Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2009/11/23/10 Mailing List  Third Party Advisory 
http://www.opera.com/docs/changelogs/unix/1060/ Third Party Advisory 
http://www.opera.com/support/search/view/944/ Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Third Party Advisory 
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c Broken Link 
http://www.redhat.com/support/errata/RHSA-2010-0119.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0130.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0155.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0165.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0167.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0337.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0338.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0339.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0768.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0770.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0786.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0807.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0865.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0986.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2010-0987.html Third Party Advisory 
http://www.redhat.com/support/errata/RHSA-2011-0880.html Third Party Advisory 
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html Third Party Advisory 
http://www.securityfocus.com/archive/1/507952/100/0/threaded Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/508075/100/0/threaded Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/508130/100/0/threaded Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/515055/100/0/threaded Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/516397/100/0/threaded Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/522176 Third Party Advisory  VDB Entry 
http://www.securityfocus.com/bid/36935 Exploit  Patch  Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023163 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023204 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023205 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023206 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023207 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023208 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023209 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023210 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023211 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023212 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023213 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023214 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023215 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023216 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023217 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023218 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023219 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023224 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023243 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023270 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023271 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023272 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023273 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023274 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023275 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023411 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023426 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023427 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1023428 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id?1024789 Third Party Advisory  VDB Entry 
http://www.tombom.co.uk/blog/?p=85 Broken Link 
http://www.ubuntu.com/usn/USN-1010-1 Third Party Advisory 
http://www.ubuntu.com/usn/USN-927-1 Third Party Advisory 
http://www.ubuntu.com/usn/USN-927-4 Third Party Advisory 
http://www.ubuntu.com/usn/USN-927-5 Third Party Advisory 
http://www.us-cert.gov/cas/techalerts/TA10-222A.html Third Party Advisory  US Government Resource 
http://www.us-cert.gov/cas/techalerts/TA10-287A.html Third Party Advisory  US Government Resource 
http://www.vmware.com/security/advisories/VMSA-2010-0019.html Third Party Advisory 
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory 
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3164 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3165 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3205 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3220 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3310 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3313 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3353 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3354 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3484 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3521 Third Party Advisory 
http://www.vupen.com/english/advisories/2009/3587 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0086 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0173 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0748 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0848 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0916 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0933 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0982 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/0994 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1054 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1107 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1191 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1350 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1639 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1673 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/1793 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/2010 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/2745 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/3069 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/3086 Third Party Advisory 
http://www.vupen.com/english/advisories/2010/3126 Third Party Advisory 
http://www.vupen.com/english/advisories/2011/0032 Third Party Advisory 
http://www.vupen.com/english/advisories/2011/0033 Third Party Advisory 
http://www.vupen.com/english/advisories/2011/0086 Third Party Advisory 
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html Exploit  Third Party Advisory 
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 Issue Tracking  Third Party Advisory 
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 Issue Tracking  Third Party Advisory 
https://bugzilla.redhat.com/show_bug.cgi?id=533125 Issue Tracking  Third Party Advisory 
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 Patch  Vendor Advisory 
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 Third Party Advisory  VDB Entry 
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory 
https://kb.bluecoat.com/index?page=content&id=SA50 Third Party Advisory 
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 Third Party Advisory 
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 Third Party Advisory 
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html Third Party Advisory 
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html Third Party Advisory 
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-295 Improper Certificate Validation cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

21 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2009-3555
NVD Published Date:
11/09/2009
NVD Last Modified:
02/12/2023
Source:
Red Hat, Inc.