CVE-2009-3555 (CNNVD-200911-069)
MEDIUM
有利用代码
中文标题:
Apache HTTP Server 信任管理问题漏洞
英文标题:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Infor...
CVSS分数:
5.8
发布时间:
2009-11-09 17:00:00
漏洞类型:
信任管理问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v5
漏洞描述
中文描述:
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.2.14及之前版本存在信任管理问题漏洞,该漏洞源于TLS协议和SSL协议实现模块没有适当将会话协商与现存连接关联,中间人攻击者可以通过发送一个未认证的请求,将数据注入到受TLS和SSL协议保护的HTTP会话和其它类型会话中。
英文描述:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CWE类型:
CWE-295
标签:
remote
multiple
Dan Kaminsky
OSVDB-59970
RedTeam Pentesting
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| apache | http_server | * | - | - |
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
|
| gnu | gnutls | * | - | - |
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
|
| mozilla | nss | * | - | - |
cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
|
| openssl | openssl | * | - | - |
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
|
| openssl | openssl | 1.0 | - | - |
cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*
|
| canonical | ubuntu_linux | 8.04 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
|
| canonical | ubuntu_linux | 8.10 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 9.04 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 9.10 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 10.04 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
|
| canonical | ubuntu_linux | 10.10 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
|
| debian | debian_linux | 4.0 | - | - |
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 5.0 | - | - |
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 6.0 | - | - |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 7.0 | - | - |
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 8.0 | - | - |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 11 | - | - |
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 12 | - | - |
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 13 | - | - |
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 14 | - | - |
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
|
| f5 | nginx | * | - | - |
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
APPLE-SA-2010-05-18-1
vendor-advisory
cve.org
访问
cve.org
1023427
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
62210
vdb-entry
cve.org
访问
cve.org
37640
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
ADV-2010-0916
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2010:0167
vendor-advisory
cve.org
访问
cve.org
ADV-2010-2010
vdb-entry
cve.org
访问
cve.org
FEDORA-2009-12750
vendor-advisory
cve.org
访问
cve.org
ADV-2010-0086
vdb-entry
cve.org
访问
cve.org
ADV-2010-1673
vdb-entry
cve.org
访问
cve.org
[tls] 20091104 TLS renegotiation issue
mailing-list
cve.org
访问
cve.org
37656
third-party-advisory
cve.org
访问
cve.org
RHSA-2010:0865
vendor-advisory
cve.org
访问
cve.org
39628
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
42724
third-party-advisory
cve.org
访问
cve.org
ADV-2009-3310
vdb-entry
cve.org
访问
cve.org
ADV-2009-3205
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
39461
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
GLSA-201406-32
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
1023204
vdb-entry
cve.org
访问
cve.org
40866
third-party-advisory
cve.org
访问
cve.org
HPSBMU02799
vendor-advisory
cve.org
访问
cve.org
TA10-222A
third-party-advisory
cve.org
访问
cve.org
1023211
vdb-entry
cve.org
访问
cve.org
SSRT090249
vendor-advisory
cve.org
访问
cve.org
39317
third-party-advisory
cve.org
访问
cve.org
1023212
vdb-entry
cve.org
访问
cve.org
SUSE-SA:2010:061
vendor-advisory
cve.org
访问
cve.org
39127
third-party-advisory
cve.org
访问
cve.org
40545
third-party-advisory
cve.org
访问
cve.org
ADV-2010-3069
vdb-entry
cve.org
访问
cve.org
[4.5] 010: SECURITY FIX: November 26, 2009
vendor-advisory
cve.org
访问
cve.org
1023210
vdb-entry
cve.org
访问
cve.org
1023270
vdb-entry
cve.org
访问
cve.org
40070
third-party-advisory
cve.org
访问
cve.org
1023273
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
USN-927-5
vendor-advisory
cve.org
访问
cve.org
PM12247
vendor-advisory
cve.org
访问
cve.org
SUSE-SU-2011:0847
vendor-advisory
cve.org
访问
cve.org
MDVSA-2010:089
vendor-advisory
cve.org
访问
cve.org
RHSA-2010:0770
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
1023275
vdb-entry
cve.org
访问
cve.org
DSA-3253
vendor-advisory
cve.org
访问
cve.org
ADV-2009-3484
vdb-entry
cve.org
访问
cve.org
1023207
vdb-entry
cve.org
访问
cve.org
37859
third-party-advisory
cve.org
访问
cve.org
SSRT101846
vendor-advisory
cve.org
访问
cve.org
1021752
vendor-advisory
cve.org
访问
cve.org
FEDORA-2010-6131
vendor-advisory
cve.org
访问
cve.org
ADV-2010-0848
vdb-entry
cve.org
访问
cve.org
[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
mailing-list
cve.org
访问
cve.org
39819
third-party-advisory
cve.org
访问
cve.org
IC68055
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
60521
vdb-entry
cve.org
访问
cve.org
[oss-security] 20091123 Re: CVEs for nginx
mailing-list
cve.org
访问
cve.org
VU#120541
third-party-advisory
cve.org
访问
cve.org
1023217
vdb-entry
cve.org
访问
cve.org
RHSA-2010:0768
vendor-advisory
cve.org
访问
cve.org
ADV-2009-3353
vdb-entry
cve.org
访问
cve.org
FEDORA-2010-5357
vendor-advisory
cve.org
访问
cve.org
39136
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
ADV-2011-0032
vdb-entry
cve.org
访问
cve.org
1023148
vdb-entry
cve.org
访问
cve.org
openSUSE-SU-2011:0845
vendor-advisory
cve.org
访问
cve.org
36935
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
SSRT090208
vendor-advisory
cve.org
访问
cve.org
ADV-2010-1107
vdb-entry
cve.org
访问
cve.org
1023218
vdb-entry
cve.org
访问
cve.org
ADV-2010-1350
vdb-entry
cve.org
访问
cve.org
RHSA-2010:0338
vendor-advisory
cve.org
访问
cve.org
42379
third-party-advisory
cve.org
访问
cve.org
FEDORA-2009-12775
vendor-advisory
cve.org
访问
cve.org
20091109 Transport Layer Security Renegotiation Vulnerability
vendor-advisory
cve.org
访问
cve.org
IC67848
vendor-advisory
cve.org
访问
cve.org
1023213
vdb-entry
cve.org
访问
cve.org
FEDORA-2010-16240
vendor-advisory
cve.org
访问
cve.org
ADV-2010-1793
vdb-entry
cve.org
访问
cve.org
oval:org.mitre.oval:def:11617
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
37292
third-party-advisory
cve.org
访问
cve.org
SSRT100817
vendor-advisory
cve.org
访问
cve.org
tls-renegotiation-weak-security(54158)
vdb-entry
cve.org
访问
cve.org
APPLE-SA-2010-05-18-2
vendor-advisory
cve.org
访问
cve.org
39278
third-party-advisory
cve.org
访问
cve.org
1023205
vdb-entry
cve.org
访问
cve.org
RHSA-2010:0130
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
1023215
vdb-entry
cve.org
访问
cve.org
USN-1010-1
vendor-advisory
cve.org
访问
cve.org
1023206
vdb-entry
cve.org
访问
cve.org
SUSE-SR:2010:011
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
GLSA-200912-01
vendor-advisory
cve.org
访问
cve.org
SSRT090180
vendor-advisory
cve.org
访问
cve.org
ADV-2009-3313
vdb-entry
cve.org
访问
cve.org
274990
vendor-advisory
cve.org
访问
cve.org
1023208
vdb-entry
cve.org
访问
cve.org
43308
third-party-advisory
cve.org
访问
cve.org
1023214
vdb-entry
cve.org
访问
cve.org
SUSE-SA:2009:057
vendor-advisory
cve.org
访问
cve.org
38781
third-party-advisory
cve.org
访问
cve.org
HPSBOV02762
vendor-advisory
cve.org
访问
cve.org
DSA-1934
vendor-advisory
cve.org
访问
cve.org
FEDORA-2009-12782
vendor-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:7478
vdb-entry
cve.org
访问
cve.org
1023271
vdb-entry
cve.org
访问
cve.org
APPLE-SA-2010-01-19-1
vendor-advisory
cve.org
访问
cve.org
[cryptography] 20091105 OpenSSL 0.9.8l released
mailing-list
cve.org
访问
cve.org
42467
third-party-advisory
cve.org
访问
cve.org
20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
mailing-list
cve.org
访问
cve.org
oval:org.mitre.oval:def:7315
vdb-entry
cve.org
访问
cve.org
1023224
vdb-entry
cve.org
访问
cve.org
SUSE-SR:2010:013
vendor-advisory
cve.org
访问
cve.org
USN-927-4
vendor-advisory
cve.org
访问
cve.org
41490
third-party-advisory
cve.org
访问
cve.org
20091124 rPSA-2009-0155-1 httpd mod_ssl
mailing-list
cve.org
访问
cve.org
1023243
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
37504
third-party-advisory
cve.org
访问
cve.org
1023219
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
1023163
vdb-entry
cve.org
访问
cve.org
HPSBHF02706
vendor-advisory
cve.org
访问
cve.org
ADV-2009-3521
vdb-entry
cve.org
访问
cve.org
oval:org.mitre.oval:def:7973
vdb-entry
cve.org
访问
cve.org
HPSBMA02568
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
oval:org.mitre.oval:def:10088
vdb-entry
cve.org
访问
cve.org
44183
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
42808
third-party-advisory
cve.org
访问
cve.org
39500
third-party-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:11578
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
ADV-2009-3220
vdb-entry
cve.org
访问
cve.org
SSRT100179
vendor-advisory
cve.org
访问
cve.org
SSRT100089
vendor-advisory
cve.org
访问
cve.org
RHSA-2010:0165
vendor-advisory
cve.org
访问
cve.org
20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
mailing-list
cve.org
访问
cve.org
RHSA-2010:0987
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
1023411
vdb-entry
cve.org
访问
cve.org
RHSA-2010:0339
vendor-advisory
cve.org
访问
cve.org
RHSA-2010:0986
vendor-advisory
cve.org
访问
cve.org
ADV-2009-3164
vdb-entry
cve.org
访问
cve.org
37383
third-party-advisory
cve.org
访问
cve.org
FEDORA-2009-12229
vendor-advisory
cve.org
访问
cve.org
44954
third-party-advisory
cve.org
访问
cve.org
[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
40747
third-party-advisory
cve.org
访问
cve.org
HPSBUX02498
vendor-advisory
cve.org
访问
cve.org
39292
third-party-advisory
cve.org
访问
cve.org
42816
third-party-advisory
cve.org
访问
cve.org
IC68054
vendor-advisory
cve.org
访问
cve.org
273029
vendor-advisory
cve.org
访问
cve.org
FEDORA-2009-12604
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
20091118 TLS / SSLv3 vulnerability explained (DRAFT)
mailing-list
cve.org
访问
cve.org
1023209
vdb-entry
cve.org
访问
cve.org
PM00675
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
48577
third-party-advisory
cve.org
访问
cve.org
SSA:2009-320-01
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
RHSA-2011:0880
vendor-advisory
cve.org
访问
cve.org
SUSE-SR:2010:008
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
mailing-list
cve.org
访问
cve.org
FEDORA-2009-12305
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
SUSE-SR:2010:012
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
37501
third-party-advisory
cve.org
访问
cve.org
MDVSA-2010:076
vendor-advisory
cve.org
访问
cve.org
HPSBUX02517
vendor-advisory
cve.org
访问
cve.org
ADV-2009-3587
vdb-entry
cve.org
访问
cve.org
39632
third-party-advisory
cve.org
访问
cve.org
38687
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
MS10-049
vendor-advisory
cve.org
访问
cve.org
ADV-2010-0982
vdb-entry
cve.org
访问
cve.org
37399
third-party-advisory
cve.org
访问
cve.org
USN-927-1
vendor-advisory
cve.org
访问
cve.org
1023272
vdb-entry
cve.org
访问
cve.org
FEDORA-2009-12606
vendor-advisory
cve.org
访问
cve.org
ADV-2010-3126
vdb-entry
cve.org
访问
cve.org
37320
third-party-advisory
cve.org
访问
cve.org
ADV-2009-3165
vdb-entry
cve.org
访问
cve.org
ADV-2010-1639
vdb-entry
cve.org
访问
cve.org
38020
third-party-advisory
cve.org
访问
cve.org
USN-923-1
vendor-advisory
cve.org
访问
cve.org
39243
third-party-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:8366
vdb-entry
cve.org
访问
cve.org
37453
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
ADV-2010-0933
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
41972
third-party-advisory
cve.org
访问
cve.org
ADV-2010-3086
vdb-entry
cve.org
访问
cve.org
DSA-2141
vendor-advisory
cve.org
访问
cve.org
1024789
vdb-entry
cve.org
访问
cve.org
RHSA-2010:0155
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
ADV-2011-0033
vdb-entry
cve.org
访问
cve.org
RHSA-2010:0337
vendor-advisory
cve.org
访问
cve.org
1023216
vdb-entry
cve.org
访问
cve.org
41480
third-party-advisory
cve.org
访问
cve.org
ADV-2011-0086
vdb-entry
cve.org
访问
cve.org
41818
third-party-advisory
cve.org
访问
cve.org
37604
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
mailing-list
cve.org
访问
cve.org
SUSE-SR:2010:024
vendor-advisory
cve.org
访问
cve.org
TA10-287A
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
RHSA-2010:0119
vendor-advisory
cve.org
访问
cve.org
38056
third-party-advisory
cve.org
访问
cve.org
ADV-2010-0748
vdb-entry
cve.org
访问
cve.org
37675
third-party-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:8535
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2010:0786
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
38003
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
1023428
vdb-entry
cve.org
访问
cve.org
[oss-security] 20091120 CVEs for nginx
mailing-list
cve.org
访问
cve.org
ADV-2009-3354
vdb-entry
cve.org
访问
cve.org
1023274
vdb-entry
cve.org
访问
cve.org
FEDORA-2009-12968
vendor-advisory
cve.org
访问
cve.org
39242
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
38241
third-party-advisory
cve.org
访问
cve.org
42377
third-party-advisory
cve.org
访问
cve.org
GLSA-201203-22
vendor-advisory
cve.org
访问
cve.org
[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
mailing-list
cve.org
访问
cve.org
SUSE-SR:2010:019
vendor-advisory
cve.org
访问
cve.org
60972
vdb-entry
cve.org
访问
cve.org
1023426
vdb-entry
cve.org
访问
cve.org
38484
third-party-advisory
cve.org
访问
cve.org
MDVSA-2010:084
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
1021653
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
mailing-list
cve.org
访问
cve.org
[4.6] 004: SECURITY FIX: November 26, 2009
vendor-advisory
cve.org
访问
cve.org
41967
third-party-advisory
cve.org
访问
cve.org
RHSA-2010:0807
vendor-advisory
cve.org
访问
cve.org
ADV-2010-1191
vdb-entry
cve.org
访问
cve.org
20091111 Re: SSL/TLS MiTM PoC
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
mailing-list
cve.org
访问
cve.org
39713
third-party-advisory
cve.org
访问
cve.org
42733
third-party-advisory
cve.org
访问
cve.org
37291
third-party-advisory
cve.org
访问
cve.org
FEDORA-2010-16312
vendor-advisory
cve.org
访问
cve.org
FEDORA-2010-5942
vendor-advisory
cve.org
访问
cve.org
ADV-2010-2745
vdb-entry
cve.org
访问
cve.org
273350
vendor-advisory
cve.org
访问
cve.org
ADV-2010-0994
vdb-entry
cve.org
访问
cve.org
ADV-2010-0173
vdb-entry
cve.org
访问
cve.org
ADV-2010-1054
vdb-entry
cve.org
访问
cve.org
65202
vdb-entry
cve.org
访问
cve.org
HPSBGN02562
vendor-advisory
cve.org
访问
cve.org
FEDORA-2010-16294
vendor-advisory
cve.org
访问
cve.org
[gnutls-devel] 20091105 Re: TLS renegotiation MITM
mailing-list
cve.org
访问
cve.org
20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
42811
third-party-advisory
cve.org
访问
cve.org
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
cve.org
访问
cve.org
[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
cve.org
访问
cve.org
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
mailing-list
cve.org
访问
cve.org
[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/
mailing-list
cve.org
访问
cve.org
ExploitDB EDB-10071
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-10071
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2009-3555
ADVISORY
cve.org
访问
cve.org
ExploitDB EDB-10579
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-10579
EXPLOIT
exploitdb
访问
exploitdb
CVSS评分详情
5.8
MEDIUM
CVSS向量:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS版本:
2.0
机密性
NONE
完整性
PARTIAL
可用性
PARTIAL
时间信息
发布时间:
2009-11-09 17:00:00
修改时间:
2024-08-07 06:31:10
创建时间:
2025-11-11 15:33:03
更新时间:
2025-11-11 16:01:06
利用信息
此漏洞有可利用代码!
利用代码数量:
2
利用来源:
未知
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2009-3555 |
2025-11-11 15:18:12 | 2025-11-11 07:33:03 |
| NVD | nvd_CVE-2009-3555 |
2025-11-11 14:53:01 | 2025-11-11 07:41:51 |
| CNNVD | cnnvd_CNNVD-200911-069 |
2025-11-11 15:09:07 | 2025-11-11 07:49:39 |
| EXPLOITDB | exploitdb_EDB-10071 |
2025-11-11 15:05:28 | 2025-11-11 08:00:27 |
| EXPLOITDB | exploitdb_EDB-10579 |
2025-11-11 15:05:28 | 2025-11-11 08:01:06 |
版本与语言
当前版本:
v5
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
:
:
安全公告
暂无安全公告信息
变更历史
v5
EXPLOITDB
2025-11-11 16:01:06
references_count: 301 → 303; tags_count: 4 → 5
查看详细变更
- references_count: 301 -> 303
- tags_count: 4 -> 5
v4
EXPLOITDB
2025-11-11 16:00:27
references_count: 298 → 301; tags_count: 0 → 4; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 298 -> 301
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:49:39
vulnerability_type: 未提取 → 信任管理问题; cnnvd_id: 未提取 → CNNVD-200911-069; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 信任管理问题
- cnnvd_id: 未提取 -> CNNVD-200911-069
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:51
cvss_score: 未提取 → 5.8; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:N/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 21; references_count: 310 → 298; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.8
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:N/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 21
- references_count: 310 -> 298
- data_sources: ['cve'] -> ['cve', 'nvd']