Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a machine-in-the-middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user’s session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchlibnss3-1d< 3.12.6-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-0d< 3.12.6-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-1d-dbg< 3.12.6-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-dev< 3.12.6-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-tools< 3.12.6-0ubuntu0.9.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	libnss3-1d	< 3.12.6-0ubuntu0.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	libnss3-0d	< 3.12.6-0ubuntu0.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	libnss3-1d-dbg	< 3.12.6-0ubuntu0.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	libnss3-dev	< 3.12.6-0ubuntu0.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	libnss3-tools	< 3.12.6-0ubuntu0.9.10.1	UNKNOWN

References

ubuntu.com/security/CVE-2009-3555

nessus 66

openvas 63

fedora 10

altlinux 4

redhat 3

debian 6

seebug 4

suse 1

securityvulns 7

cve 1

ubuntu 4

mozilla 1

hackerone 2

slackware 1

oraclelinux 2

centos 2

cisco 2

veracode 1

fortinet 1

checkpoint_advisories 3

nginx 1

github 1

ibm 1

prion 1

packetstorm 1

exploitpack 1

f5 2

cert 1

openssl 1

debiancve 1

osv 1

ubuntucve 1

freebsd_advisory 1

exploitdb 1

nessus

Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229)

2009-12-18 00:00:00

Solaris 10 (sparc) : 145102-01

2018-03-12 00:00:00

Ubuntu 8.04 LTS : nss vulnerability (USN-927-4)

2010-06-30 00:00:00

openvas

CentOS Update for nspr CESA-2010:0165 centos4 i386

2010-03-31 00:00:00

Fedora Core 12 FEDORA-2009-12968 (nss-util)

2009-12-14 00:00:00

SLES9: Security update for OpenSSL

2009-11-23 00:00:00

fedora

[SECURITY] Fedora 12 Update: nss-3.12.6-1.2.fc12

2010-03-12 04:18:37

[SECURITY] Fedora 12 Update: gnutls-2.8.6-2.fc12

2010-06-25 18:15:19

[SECURITY] Fedora 11 Update: nss-3.12.6-1.2.fc11

2010-03-23 02:03:18

altlinux

Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1

2009-11-07 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1

2009-11-07 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.8l-alt1

2009-11-07 00:00:00

redhat

(RHSA-2010:0164) Moderate: openssl097a security update

2010-03-25 00:00:00

(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update

2010-03-17 00:00:00

(RHSA-2010:0165) Moderate: nss security update

2010-03-25 00:00:00

debian

[SECURITY] [DSA-2141-4] New lighttpd packages fix regression

2011-01-12 18:51:18

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw

2011-01-05 23:20:31

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw

2011-01-05 23:20:31

seebug

ProFTPD TLS会话重协商明文数据注入漏洞

2009-12-15 00:00:00

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

2009-11-10 00:00:00

TLS Renegotiation Vulnerability PoC Exploit

2009-12-21 00:00:00

suse

man-in-the-middle attack in openssl

2009-11-18 09:50:39

securityvulns

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

2009-11-11 00:00:00

[ MDVSA-2009:337 ] proftpd

2009-12-22 00:00:00

[ MDVSA-2009:295 ] apache

2009-11-09 00:00:00

cve

CVE-2009-3555

2009-11-09 17:30:00

ubuntu

Apache vulnerability

2010-09-21 00:00:00

NSS vulnerability

2010-07-23 00:00:00

nss vulnerability

2010-06-29 00:00:00

mozilla

Update NSS to support TLS renegotiation indication — Mozilla

2010-03-30 00:00:00

hackerone

LocalTapiola: Secure Client-Initiated Renegotiation

2017-12-27 15:57:52

Slack: TLS1/SSLv3 Renegotiation Vulnerability

2014-04-02 13:01:00

slackware

openssl

2009-11-16 13:42:36

oraclelinux

openssl097a security update

2010-03-25 00:00:00

nss security update

2010-03-25 00:00:00

centos

openssl097a security update

2010-03-27 17:44:36

nspr, nss security update

2010-03-28 15:36:50

cisco

Transport Layer Security Renegotiation Vulnerability

2009-11-09 13:00:00

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

2009-11-05 19:53:52

veracode

Man-in-the-Middle (MitM)

2020-04-10 00:36:56

fortinet

FortiOS SSL Deep-Inspection possible Insecure Renegotiation

2017-11-03 00:00:00

checkpoint_advisories

Preemptive Protection against TLS and SSL Spoofing Vulnerability

2010-02-09 00:00:00

TLS Client Initiated Renegotiation (CVE-2009-3555)

2009-11-23 00:00:00

TLS Renegotiation (CVE-2009-3555)

2009-11-22 00:00:00

nginx

The renegotiation vulnerability in SSL protocol

2009-11-09 17:30:00

github

Apache Tomcat affected by vulnerability in TLS and SSL protocol

2022-05-02 03:46:22

ibm

Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555)

2020-06-23 08:41:14

prion

Cross site request forgery (csrf)

2009-11-09 17:30:00

packetstorm

TLS Renegotiation Exploit

2009-12-21 00:00:00

exploitpack

TLS - Renegotiation

2009-12-21 00:00:00

SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541

2009-11-05 00:00:00

K10737 : SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541

2013-07-05 00:00:00

cert

SSL and TLS protocols renegotiation vulnerability

2009-11-11 00:00:00

openssl

Vulnerability in OpenSSL CVE-2009-3555

2009-11-05 00:00:00

debiancve

CVE-2009-3555

2009-11-09 17:30:00

osv

Apache Tomcat affected by vulnerability in TLS and SSL protocol

2022-05-02 03:46:22

ubuntucve

CVE-2009-3555

2009-11-09 00:00:00

freebsd_advisory

FreeBSD-SA-09:15.ssl

2009-12-03 00:00:00

exploitdb

TLS - Renegotiation

2009-12-21 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.8 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

64.3%

JSON

Related for USN-927-1