CVE-2009-3555
기본정보
  • 공개일 : 2009-11-10
  • 변경일 : 2012-04-06
CVSS 평가
  • 위험도: 5.8
  • 액세스 벡터 : NETWORK
  • 액세스 복잡성 : 보통
  • 인증 : 없음
  • 기밀성 영향 : 없음
  • 무결성 영향 : 부분
  • 가용성 영향 : 부분
  • 출처 : http://nvd.nist.gov
  • 공개일 : 2009-11-10
설명

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
참조
취약 소프트웨어
  • openssl openssl 0.9.6a
  • openssl openssl 0.9.6
  • apache http_server 1.3.11
  • apache http_server 2.0.36
  • openssl openssl 0.9.7
  • gnu gnutls 2.6.2
  • apache http_server 1.3.2
  • openssl openssl 0.9.2b
  • gnu gnutls 1.0.25
  • gnu gnutls 1.0.23
  • apache http_server 1.0
  • apache http_server 1.3.13
  • gnu gnutls 1.1.17
  • openssl openssl 0.9.8f
  • gnu gnutls 2.4.1
  • gnu gnutls 2.6.5
  • openssl openssl 0.9.7h
  • openssl openssl 0.9.7d
  • mozilla nss 3.8
  • gnu gnutls 2.0.1
  • gnu gnutls 2.0.3
  • openssl openssl 0.9.6a
  • apache http_server 1.3.9
  • apache http_server 1.3.29
  • gnu gnutls 2.3.5
  • apache http_server 1.3.4
  • openssl openssl 0.9.6
  • openssl openssl 0.9.1c
  • gnu gnutls 1.7.18
  • apache http_server 2.2.7
  • gnu gnutls 2.2.3
  • apache http_server 2.1.5
  • apache http_server 2.0.32
  • gnu gnutls 2.1.2
  • apache http_server 1.0.2
  • gnu gnutls 2.3.2
  • gnu gnutls 2.3.8
  • apache http_server 2.0.46 win32
  • gnu gnutls 1.2.2
  • apache http_server 1.3
  • gnu gnutls 1.0.21
  • gnu gnutls 2.1.3
  • apache http_server 1.3.8
  • gnu gnutls 2.3.9
  • apache http_server 2.0.35
  • apache http_server 1.3.65
  • gnu gnutls 1.7.7
  • gnu gnutls 1.5.0
  • apache http_server 2.0.45
  • mozilla nss 3.6
  • gnu gnutls 1.7.2
  • gnu gnutls 2.1.8
  • apache http_server 1.2.5
  • openssl openssl 0.9.6f
  • gnu gnutls 2.2.1
  • gnu gnutls 2.1.7
  • gnu gnutls 1.7.19
  • mozilla nss 3.12.2
  • openssl openssl 0.9.6c
  • gnu gnutls 1.1.20
  • openssl openssl 0.9.3a
  • gnu gnutls 1.2.6
  • openssl openssl 0.9.5a
  • mozilla nss 3.4
  • openssl openssl 0.9.7g
  • openssl openssl 0.9.7a
  • apache http_server 2.0.42
  • openssl openssl 0.9.7
  • gnu gnutls 2.3.4
  • apache http_server 1.3.18
  • apache http_server 1.3.22
  • apache http_server 1.0.3
  • mozilla nss 3.5
  • gnu gnutls 1.2.9
  • openssl openssl 0.9.8b
  • apache http_server 1.3.38
  • gnu gnutls 1.1.22
  • openssl openssl 0.9.6m
  • apache http_server 2.0.50
  • mozilla nss 3.4.1
  • apache http_server 2.2.11
  • openssl openssl 0.9.8g
  • mozilla nss 3.3
  • gnu gnutls 2.6.4
  • apache http_server 2.2.3
  • apache http_server 1.2.4
  • gnu gnutls 2.4.0
  • gnu gnutls 1.3.5
  • mozilla nss 3.7.3
  • apache http_server 1.3.1.1
  • gnu gnutls 1.2.4
  • apache http_server 0.8.11
  • gnu gnutls 1.2.8
  • gnu gnutls 1.1.15
  • gnu gnutls 2.0.2
  • apache http_server 2.0.57
  • apache http_server 2.0.58 win32
  • apache http_server 1.3.28
  • gnu gnutls 1.2.5
  • apache http_server 2.1.3
  • openssl openssl 0.9.8h
  • apache http_server 2.1.1
  • mozilla nss 3.7.2
  • apache http_server 2.0.54
  • gnu gnutls 1.3.2
  • apache http_server 1.3.68
  • openssl openssl 0.9.5
  • mozilla nss 3.2
  • gnu gnutls 1.0.24
  • gnu gnutls 2.4.2
  • apache http_server 2.0.40
  • gnu gnutls 1.2.10
  • apache http_server 1.3.5
  • apache http_server 1.4.0
  • openssl openssl 0.9.6d
  • gnu gnutls 1.5.2
  • gnu gnutls 2.1.1
  • apache http_server 2.0.63
  • openssl openssl 0.9.7i
  • apache http_server 1.0.5
  • apache http_server 1.3.33
  • gnu gnutls 2.1.4
  • apache http_server 2.0.49
  • apache http_server 1.3.15
  • gnu gnutls 1.7.15
  • apache http_server 1.1.1
  • mozilla nss 3.10
  • openssl openssl 0.9.6g
  • gnu gnutls 1.1.21
  • openssl openssl 0.9.7c
  • apache http_server 2.0.60
  • apache http_server 1.3.0
  • gnu gnutls 1.6.0
  • gnu gnutls 2.2.5
  • gnu gnutls 2.2.0
  • mozilla nss 3.6.1
  • apache http_server 1.3.27
  • gnu gnutls 2.3.3
  • gnu gnutls 1.1.16
  • openssl openssl 0.9.7
  • openssl openssl 0.9.6k
  • apache http_server 1.2.6
  • gnu gnutls 1.7.6
  • openssl openssl 0.9.7l
  • gnu gnutls 1.4.5
  • apache http_server 1.3.37
  • apache http_server 1.3.7
  • openssl openssl 0.9.7m
  • gnu gnutls 2.1.5
  • apache http_server 2.0.32
  • apache http_server 0.8.14
  • mozilla nss 3.12
  • mozilla nss 3.2.1
  • mozilla nss 3.7.5
  • gnu gnutls 2.6.3
  • gnu gnutls 1.7.3
  • apache http_server 2.2.8
  • openssl openssl 0.9.7
  • mozilla nss 3.12.1
  • apache http_server 1.3.30
  • gnu gnutls 2.0.0
  • gnu gnutls 1.7.9
  • apache http_server 2.1.9
  • mozilla nss 3.9
  • apache http_server 2.0.39
  • mozilla nss 3.3.2
  • apache http_server 1.3.12
  • microsoft iis 7.0
  • apache http_server 1.3.26
  • gnu gnutls 1.2.7
  • mozilla nss 3.4.3
  • gnu gnutls 2.6.1
  • apache http_server 2.2.10
  • apache http_server 2.0.38
  • gnu gnutls 1.6.1
  • apache http_server 1.3.14
  • gnu gnutls 1.7.4
  • apache http_server 1.99
  • apache http_server 2.0.48
  • openssl openssl 0.9.6e
  • gnu gnutls 1.1.18
  • apache http_server 2.0.56
  • apache http_server 2.0.52
  • gnu gnutls 2.2.2
  • mozilla nss 3.7.1
  • gnu gnutls 2.6.6
  • gnu gnutls 2.3.7
  • apache http_server 2.2.6
  • apache http_server 2.0.44
  • openssl openssl 0.9.8e
  • openssl openssl 0.9.3
  • gnu gnutls 1.0.20
  • gnu gnutls 1.4.3
  • gnu gnutls 1.7.17
  • gnu gnutls 1.0.16
  • apache http_server 2.1.7
  • apache http_server 2.2.13
  • apache http_server 1.3.31
  • openssl openssl 0.9.4
  • openssl openssl 0.9.8c
  • gnu gnutls 1.0.22
  • gnu gnutls 1.2.11
  • openssl openssl 0.9.5
  • apache http_server 2.2.4
  • apache http_server 1.3.19
  • mozilla nss 3.11.7
  • apache http_server 2.0.28
  • apache http_server 1.3.34
  • apache http_server 1.3.24
  • gnu gnutls 1.5.3
  • apache http_server 2.0.55
  • gnu gnutls 1.5.5
  • gnu gnutls 2.1.0
  • gnu gnutls 2.8.1
  • gnu gnutls 1.7.8
  • gnu gnutls 1.7.11
  • gnu gnutls 1.7.13
  • gnu gnutls 1.2.1
  • openssl openssl 0.9.6a
  • openssl openssl 0.9.7
  • gnu gnutls 2.3.11
  • gnu gnutls 1.0.17
  • openssl openssl 0.9.5
  • apache http_server 2.0.47
  • apache http_server 2.0.28
  • apache http_server 1.3.35
  • apache http_server 2.2
  • gnu gnutls 1.1.14
  • gnu gnutls 2.3.0
  • apache http_server 2.0.37
  • gnu gnutls 1.7.0
  • gnu gnutls 1.4.4
  • gnu gnutls 1.2.0
  • gnu gnutls 1.1.13
  • gnu gnutls 1.3.0
  • openssl openssl 1.0 openvms
  • gnu gnutls 1.3.1
  • gnu gnutls 1.4.2
  • apache http_server 2.0.46
  • apache http_server 2.0.61
  • gnu gnutls 2.6.0
  • gnu gnutls 1.0.18
  • gnu gnutls 1.7.10
  • gnu gnutls 2.3.6
  • apache http_server 1.3.16
  • gnu gnutls 1.7.5
  • gnu gnutls 1.2.8.1a1
  • openssl openssl 0.9.6
  • gnu gnutls 1.5.1
  • gnu gnutls 2.5.0
  • mozilla nss 3.7.7
  • openssl openssl 0.9.7k
  • gnu gnutls 2.0.4
  • openssl openssl 0.9.6h
  • apache http_server 2.2.12
  • openssl openssl 0.9.7
  • gnu gnutls 2.8.0
  • mozilla nss 3.3.1
  • apache http_server 2.1.4
  • apache http_server 2.0.58
  • apache http_server 2.0.43
  • gnu gnutls 1.3.4
  • apache http_server 2.1.8
  • mozilla nss 3.0
  • apache http_server 2.1.2
  • gnu gnutls 2.1.6
  • openssl openssl 0.9.5a
  • openssl openssl 0.9.6i
  • apache http_server 2.2.5
  • apache http_server 1.3.6
  • apache http_server 1.3.17
  • apache http_server 1.3.36
  • apache http_server 2.2.2
  • openssl openssl 0.9.7e
  • mozilla nss 3.7
  • apache http_server 1.3.3
  • openssl openssl 0.9.7f
  • mozilla nss 3.4.2
  • gnu gnutls 1.7.16
  • apache http_server 1.3.39
  • openssl openssl 0.9.6a
  • gnu gnutls 1.4.0
  • gnu gnutls 1.2.3
  • openssl openssl 0.9.7b
  • gnu gnutls 1.1.19
  • apache http_server 1.3.23
  • mozilla nss 3.11.2
  • openssl openssl 0.9.6
  • mozilla nss 3.11.4
  • apache http_server 2.0.41
  • apache http_server 2.0.53
  • gnu gnutls 2.2.4
  • apache http_server 2.0.59
  • gnu gnutls 1.1.23
  • openssl openssl 0.9.6l
  • gnu gnutls 2.3.10
  • apache http_server 2.2.1
  • apache http_server 2.2.0
  • openssl openssl 0.9.5a
  • openssl openssl 0.9.6b
  • openssl openssl 0.9.6j
  • gnu gnutls 1.6.3
  • apache http_server 2.0
  • apache http_server 2.0.34
  • apache http_server 2.0.9
  • mozilla nss 3.9.5
  • apache http_server 1.2
  • gnu gnutls 1.3.3
  • apache http_server 2.0.51
  • gnu gnutls 1.7.1
  • openssl openssl 0.9.8
  • gnu gnutls 2.3.1
  • gnu gnutls 1.7.14
  • apache http_server 1.3.32
  • openssl openssl 0.9.8a
  • apache http_server 1.3.20
  • gnu gnutls 1.7.12
  • mozilla nss 3.11.8
  • apache http_server 2.1.6
  • gnu gnutls 1.4.1
  • openssl openssl 0.9.7j
  • gnu gnutls 1.0.19
  • apache http_server 1.3.25
  • gnu gnutls 1.5.4
  • gnu gnutls 1.6.2
  • apache http_server 1.3.7 dev
  • openssl openssl 0.9.8d
  • openssl openssl 0.9.7