Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

SeverityMEDIUM
CVSS5.8
CWECWE-295
KEV
Published
Modified

Related Products

Product Advisory Evidence
CiscoWorks Wireless LAN Solution Engine (WLSE) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
CiscoWorks Common Services (CS) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Wireless Location Appliance Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Wireless Control System (WCS) Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Wide Area Application Services (WAAS) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx Training Center Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx Support Center Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx Sales Center Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx PCNow Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx Meeting Center Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx MeetMeNow Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx Event Center Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco WebEx Connect Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Video Surveillance Operations Manager Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Video Surveillance Media Server Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7971G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7970G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7965G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7962G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7961G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7960G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7945G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7942G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7941G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7940G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7931G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7911G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Phone 7906G Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Conference Station 7936 Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified IP Conference Station 7935 Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified Contact Center Express Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified Contact Center Enterprise Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified Contact Center Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Unified Communications Manager Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco TelePresence Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Spam and Virus Blocker Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Security Agent for Linux Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Security Agent Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Secure Access Control System (ACS) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Optical Networking Systems (ONS) System Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Optical Networking Systems (ONS) Firmware Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Optical Networking Systems (ONS) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Network Analysis Module (NAM) Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco NX-OS Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco IronPort Web Security Appliance Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco IronPort Security Management Appliance Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco IronPort Encryption Appliance Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco IP Communicator Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco IOS XE Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco IOS Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco GSS Global Site Selector Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Firewall Services Module (FWSM) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Digital Media Player Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Digital Media Manager Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Content Switching Module (CSM) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Content Services Switch (CSS) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco CNS Network Registrar Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Application Networking Manager (ANM) Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco AVS Application Velocity System Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco ACE Web Application Firewall Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco ACE GSS 4400 Series Global Site Selector (GSS) devices Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln
Cisco Catalyst 9600 Series Switches Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches Cisco-SA-20091105-CVE-2009-3555 Cisco OpenVuln · software-dependent