Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jau7-gfz8-dkfa
Vulnerability ID VCID-jau7-gfz8-dkfa
Aliases CVE-2009-3555
GHSA-f7w7-6pjc-wwm6
VU#120541
Summary The renegotiation vulnerability in SSL protocol
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-295 Improper Certificate Validation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-300 Channel Accessible by Non-Endpoint
System Score Found at
generic_textual MODERATE http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
generic_textual MODERATE http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
generic_textual MODERATE http://blogs.iss.net/archive/sslmitmiscsrf.html
generic_textual MODERATE http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
generic_textual MODERATE http://clicky.me/tlsvuln
generic_textual MODERATE http://extendedsubset.com/?p=8
generic_textual MODERATE http://extendedsubset.com/Renegotiating_TLS.pdf
generic_textual MODERATE http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
generic_textual MODERATE http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
generic_textual MODERATE http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
generic_textual MODERATE http://kbase.redhat.com/faq/docs/DOC-20491
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
generic_textual MODERATE http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
generic_textual MODERATE http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=126150535619567&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=127128920008563&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=127419602507642&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=127557596201693&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=132077688910227&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=133469267822771&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=134254866602253&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=142660345230545&w=2
generic_textual MODERATE http://marc.info/?l=cryptography&m=125752275331877&w=2
generic_textual MODERATE http://openbsd.org/errata45.html#010_openssl
generic_textual MODERATE http://openbsd.org/errata46.html#004_openssl
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2009:1579
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2009:1580
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2009:1694
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0011
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0119
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0130
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0155
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0162
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0163
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0164
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0165
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0166
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0167
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0337
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0338
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0339
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0408
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0440
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0768
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0770
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0786
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0807
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0865
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0986
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2010:0987
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2011:0880
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2015:1591
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2009-3555
epss 0.01971 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.01971 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.01971 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02025 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02025 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2009-3555
generic_textual MODERATE https://bugzilla.mozilla.org/show_bug.cgi?id=526689
generic_textual MODERATE https://bugzilla.mozilla.org/show_bug.cgi?id=545755
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=533125
generic_textual MODERATE https://bz.apache.org/bugzilla/show_bug.cgi?id=50325
generic_textual MODERATE https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
generic_textual MODERATE http://seclists.org/fulldisclosure/2009/Nov/139
generic_textual MODERATE http://security.gentoo.org/glsa/glsa-200912-01.xml
generic_textual MODERATE http://security.gentoo.org/glsa/glsa-201203-22.xml
generic_textual MODERATE http://security.gentoo.org/glsa/glsa-201406-32.xml
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d
generic_textual MODERATE https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3
generic_textual MODERATE https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701
generic_textual MODERATE https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02
generic_textual MODERATE https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3
generic_textual MODERATE https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d
generic_textual MODERATE https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366
generic_textual MODERATE https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
generic_textual MODERATE https://kb.bluecoat.com/index?page=content&id=SA50
generic_textual MODERATE http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
generic_textual MODERATE https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>
generic_textual MODERATE https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>
generic_textual MODERATE https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>
generic_textual MODERATE https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2009-3555
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535
generic_textual MODERATE https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
generic_textual MODERATE https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
generic_textual MODERATE https://tomcat.apache.org/security-5.html
generic_textual MODERATE https://tomcat.apache.org/security-6.html
generic_textual MODERATE https://tomcat.apache.org/security-7.html
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
generic_textual MODERATE http://support.apple.com/kb/HT4004
generic_textual MODERATE http://support.apple.com/kb/HT4170
generic_textual MODERATE http://support.apple.com/kb/HT4171
generic_textual MODERATE http://support.avaya.com/css/P8/documents/100070150
generic_textual MODERATE http://support.avaya.com/css/P8/documents/100081611
generic_textual MODERATE http://support.avaya.com/css/P8/documents/100114315
generic_textual MODERATE http://support.avaya.com/css/P8/documents/100114327
generic_textual MODERATE http://support.citrix.com/article/CTX123359
generic_textual MODERATE http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
generic_textual MODERATE http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
generic_textual low https://www.mozilla.org/en-US/security/advisories/mfsa2010-22
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
generic_textual MODERATE http://sysoev.ru/nginx/patch.cve-2009-3555.txt
generic_textual MODERATE http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
generic_textual MODERATE http://ubuntu.com/usn/usn-923-1
generic_textual MODERATE http://wiki.rpath.com/Advisories:rPSA-2009-0155
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg21426108
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg21432298
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg24006386
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg24025312
generic_textual MODERATE http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
generic_textual MODERATE http://www.arubanetworks.com/support/alerts/aid-020810.txt
generic_textual MODERATE http://www.betanews.com/article/1257452450
generic_textual MODERATE http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
generic_textual MODERATE http://www.debian.org/security/2009/dsa-1934
generic_textual MODERATE http://www.debian.org/security/2011/dsa-2141
generic_textual MODERATE http://www.debian.org/security/2015/dsa-3253
generic_textual MODERATE http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
generic_textual MODERATE http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
generic_textual MODERATE http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
generic_textual MODERATE http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
generic_textual MODERATE http://www.ingate.com/Relnote.php?ver=481
generic_textual MODERATE http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
generic_textual MODERATE http://www.kb.cert.org/vuls/id/120541
generic_textual MODERATE http://www.links.org/?p=780
generic_textual MODERATE http://www.links.org/?p=786
generic_textual MODERATE http://www.links.org/?p=789
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
generic_textual MODERATE http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
generic_textual MODERATE http://www.openoffice.org/security/cves/CVE-2009-3555.html
generic_textual MODERATE http://www.openssl.org/news/secadv_20091111.txt
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/11/05/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/11/05/5
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/11/06/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/11/07/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/11/20/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/11/23/10
generic_textual MODERATE http://www.opera.com/docs/changelogs/unix/1060
generic_textual MODERATE http://www.opera.com/support/search/view/944
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
generic_textual MODERATE http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0119.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0130.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0155.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0165.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0167.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0337.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0338.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0339.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0768.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0770.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0786.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0807.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0865.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0986.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0987.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2011-0880.html
generic_textual MODERATE http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
generic_textual MODERATE http://www.tombom.co.uk/blog/?p=85
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1010-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-927-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-927-4
generic_textual MODERATE http://www.ubuntu.com/usn/USN-927-5
generic_textual MODERATE http://www.us-cert.gov/cas/techalerts/TA10-222A.html
generic_textual MODERATE http://www.us-cert.gov/cas/techalerts/TA10-287A.html
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2010-0019.html
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2011-0003.html
generic_textual MODERATE http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
Reference id Reference type URL
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
http://clicky.me/tlsvuln
http://extendedsubset.com/?p=8
http://extendedsubset.com/Renegotiating_TLS.pdf
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://kbase.redhat.com/faq/docs/DOC-20491
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
http://marc.info/?l=bugtraq&m=126150535619567&w=2
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://marc.info/?l=bugtraq&m=127419602507642&w=2
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=132077688910227&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=cryptography&m=125752275331877&w=2
http://openbsd.org/errata45.html#010_openssl
http://openbsd.org/errata46.html#004_openssl
https://access.redhat.com/errata/RHSA-2009:1579
https://access.redhat.com/errata/RHSA-2009:1580
https://access.redhat.com/errata/RHSA-2009:1694
https://access.redhat.com/errata/RHSA-2010:0011
https://access.redhat.com/errata/RHSA-2010:0119
https://access.redhat.com/errata/RHSA-2010:0130
https://access.redhat.com/errata/RHSA-2010:0155
https://access.redhat.com/errata/RHSA-2010:0162
https://access.redhat.com/errata/RHSA-2010:0163
https://access.redhat.com/errata/RHSA-2010:0164
https://access.redhat.com/errata/RHSA-2010:0165
https://access.redhat.com/errata/RHSA-2010:0166
https://access.redhat.com/errata/RHSA-2010:0167
https://access.redhat.com/errata/RHSA-2010:0337
https://access.redhat.com/errata/RHSA-2010:0338
https://access.redhat.com/errata/RHSA-2010:0339
https://access.redhat.com/errata/RHSA-2010:0408
https://access.redhat.com/errata/RHSA-2010:0440
https://access.redhat.com/errata/RHSA-2010:0768
https://access.redhat.com/errata/RHSA-2010:0770
https://access.redhat.com/errata/RHSA-2010:0786
https://access.redhat.com/errata/RHSA-2010:0807
https://access.redhat.com/errata/RHSA-2010:0865
https://access.redhat.com/errata/RHSA-2010:0986
https://access.redhat.com/errata/RHSA-2010:0987
https://access.redhat.com/errata/RHSA-2011:0880
https://access.redhat.com/errata/RHSA-2015:1591
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json
https://access.redhat.com/security/cve/CVE-2009-3555
https://api.first.org/data/v1/epss?cve=CVE-2009-3555
https://bugzilla.mozilla.org/show_bug.cgi?id=526689
https://bugzilla.mozilla.org/show_bug.cgi?id=545755
https://bugzilla.redhat.com/show_bug.cgi?id=533125
https://bz.apache.org/bugzilla/show_bug.cgi?id=50325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
http://seclists.org/fulldisclosure/2009/Nov/139
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://security.gentoo.org/glsa/glsa-201203-22.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
https://github.com/apache/tomcat
https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5
https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d
https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3
https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701
https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02
https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3
https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d
https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366
https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://kb.bluecoat.com/index?page=content&id=SA50
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>
https://nginx.org/download/patch.cve-2009-3555.txt
https://nginx.org/download/patch.cve-2009-3555.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
https://tomcat.apache.org/security-5.html
https://tomcat.apache.org/security-6.html
https://tomcat.apache.org/security-7.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
http://support.apple.com/kb/HT4004
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://support.avaya.com/css/P8/documents/100070150
http://support.avaya.com/css/P8/documents/100081611
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100114327
http://support.citrix.com/article/CTX123359
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html
http://sysoev.ru/nginx/patch.cve-2009-3555.txt
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
http://ubuntu.com/usn/usn-923-1
http://wiki.rpath.com/Advisories:rPSA-2009-0155
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
http://www-01.ibm.com/support/docview.wss?uid=swg21432298
http://www-01.ibm.com/support/docview.wss?uid=swg24006386
http://www-01.ibm.com/support/docview.wss?uid=swg24025312
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
http://www.arubanetworks.com/support/alerts/aid-020810.txt
http://www.betanews.com/article/1257452450
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
http://www.debian.org/security/2009/dsa-1934
http://www.debian.org/security/2011/dsa-2141
http://www.debian.org/security/2015/dsa-3253
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
http://www.ingate.com/Relnote.php?ver=481
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://www.kb.cert.org/vuls/id/120541
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openssl.org/news/secadv_20091111.txt
http://www.openwall.com/lists/oss-security/2009/11/05/3
http://www.openwall.com/lists/oss-security/2009/11/05/5
http://www.openwall.com/lists/oss-security/2009/11/06/3
http://www.openwall.com/lists/oss-security/2009/11/07/3
http://www.openwall.com/lists/oss-security/2009/11/20/1
http://www.openwall.com/lists/oss-security/2009/11/23/10
http://www.opera.com/docs/changelogs/unix/1060
http://www.opera.com/support/search/view/944
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
http://www.redhat.com/support/errata/RHSA-2010-0119.html
http://www.redhat.com/support/errata/RHSA-2010-0130.html
http://www.redhat.com/support/errata/RHSA-2010-0155.html
http://www.redhat.com/support/errata/RHSA-2010-0165.html
http://www.redhat.com/support/errata/RHSA-2010-0167.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://www.redhat.com/support/errata/RHSA-2010-0339.html
http://www.redhat.com/support/errata/RHSA-2010-0768.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0786.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0865.html
http://www.redhat.com/support/errata/RHSA-2010-0986.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
http://www.tombom.co.uk/blog/?p=85
http://www.ubuntu.com/usn/USN-1010-1
http://www.ubuntu.com/usn/USN-927-1
http://www.ubuntu.com/usn/USN-927-4
http://www.ubuntu.com/usn/USN-927-5
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
765649 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649
CVE-2009-3555 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py
CVE-2009-3555 https://nvd.nist.gov/vuln/detail/CVE-2009-3555
CVE-2009-3555;OSVDB-59970 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt
CVE-2009-3555;OSVDB-59970 Exploit https://www.securityfocus.com/bid/35888/info
GHSA-f7w7-6pjc-wwm6 https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
GLSA-200912-01 https://security.gentoo.org/glsa/200912-01
GLSA-201006-18 https://security.gentoo.org/glsa/201006-18
GLSA-201110-05 https://security.gentoo.org/glsa/201110-05
GLSA-201203-22 https://security.gentoo.org/glsa/201203-22
GLSA-201206-18 https://security.gentoo.org/glsa/201206-18
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
GLSA-201309-15 https://security.gentoo.org/glsa/201309-15
GLSA-201311-13 https://security.gentoo.org/glsa/201311-13
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
mfsa2010-22 https://www.mozilla.org/en-US/security/advisories/mfsa2010-22
USN-1010-1 https://usn.ubuntu.com/1010-1/
USN-860-1 https://usn.ubuntu.com/860-1/
USN-923-1 https://usn.ubuntu.com/923-1/
USN-927-1 https://usn.ubuntu.com/927-1/
USN-927-4 https://usn.ubuntu.com/927-4/
USN-927-6 https://usn.ubuntu.com/927-6/
USN-990-1 https://usn.ubuntu.com/990-1/
USN-990-2 https://usn.ubuntu.com/990-2/
Data source Exploit-DB
Date added Dec. 20, 2009
Description TLS - Renegotiation
Ransomware campaign use Known
Source publication date Dec. 21, 2009
Exploit type remote
Platform multiple
Exploit Prediction Scoring System (EPSS)
Percentile 0.83576
EPSS Score 0.01971
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:31:46.646328+00:00 Nginx Importer Import https://nginx.org/en/security_advisories.html 38.0.0