CVE-2009-3555— Apache HTTP Server 信任管理问题漏洞
公开利用映射 2
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2009-3555 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Apache HTTP Server 信任管理问题漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.2.14及之前版本存在信任管理问题漏洞,该漏洞源于TLS协议和SSL协议实现模块没有适当将会话协商与现存连接关联,中间人攻击者可以通过发送一个未认证的请求,将数据注入到受TLS和SSL协议保护的HTTP会话和其它类型会话中。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| - | n/a | n/a | - |
二、漏洞 CVE-2009-3555 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | A TLS server using a vendored fork of the Go TLS stack that has renegotation indication extension forcibly disabled. | https://github.com/johnwchadwick/cve-2009-3555-test-server | POC详情 |
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2009-3555 的情报信息
请登录查看更多情报信息。
CVE-2009-3555 厂商安全公告 (172)
- http://www-01.ibm.com/support/docview.wss?uid=swg21432298x_refsource_CONFIRM
- http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.htmlx_refsource_CONFIRM
- http://www.mozilla.org/security/announce/2010/mfsa2010-22.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg24025312x_refsource_CONFIRM
- https://bugzilla.mozilla.org/show_bug.cgi?id=526689x_refsource_MISC
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlx_refsource_CONFIRM
- http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
- http://support.apple.com/kb/HT4171x_refsource_CONFIRM
- http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlx_refsource_CONFIRM
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg24006386x_refsource_CONFIRM
- http://www.openssl.org/news/secadv_20091111.txtx_refsource_CONFIRM
- http://support.apple.com/kb/HT4004x_refsource_CONFIRM
- https://bugzilla.mozilla.org/show_bug.cgi?id=545755x_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=533125x_refsource_CONFIRM
- http://support.apple.com/kb/HT4170x_refsource_CONFIRM
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlx_refsource_CONFIRM
- http://www-01.ibm.com/support/docview.wss?uid=swg21426108x_refsource_CONFIRM
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049vendor-advisoryx_refsource_MS
- 🔗 OpenSSL: Multiple vulnerabilities (GLSA 200912-01) — Gentoo security 查看完整文章 vendor-advisoryx_refsource_GENTOO
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973vdb-entrysignaturex_refsource_OVAL
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617vdb-entrysignaturex_refsource_OVAL
CVE-2009-3555 邮件列表归档 (41)
- '[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARCvendor-advisoryx_refsource_HP
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlvendor-advisoryx_refsource_SUSE
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.htmlvendor-advisoryx_refsource_SUSE
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.htmlvendor-advisoryx_refsource_SUSE
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlvendor-advisoryx_refsource_SUSE
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.htmlvendor-advisoryx_refsource_FEDORA
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlvendor-advisoryx_refsource_SUSE
- http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.htmlvendor-advisoryx_refsource_APPLE
CVE-2009-3555 安全博客文章 (2)
- http://www.tombom.co.uk/blog/?p=85x_refsource_MISC
CVE-2009-3555 其他参考 (64)
- http://support.avaya.com/css/P8/documents/100081611x_refsource_CONFIRM
- http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2cx_refsource_CONFIRM
- http://support.avaya.com/css/P8/documents/100114315x_refsource_CONFIRM
- http://blogs.iss.net/archive/sslmitmiscsrf.htmlx_refsource_MISC
- http://www.ingate.com/Relnote.php?ver=481x_refsource_CONFIRM
- http://extendedsubset.com/?p=8x_refsource_MISC
- http://www.opera.com/support/search/view/944/x_refsource_CONFIRM
- http://wiki.rpath.com/Advisories:rPSA-2009-0155x_refsource_CONFIRM
- http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTESx_refsource_CONFIRM
- http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_duringx_refsource_CONFIRM
- http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_releasedx_refsource_CONFIRM
- https://kb.bluecoat.com/index?page=content&id=SA50x_refsource_CONFIRM
- http://support.avaya.com/css/P8/documents/100114327x_refsource_CONFIRM
- http://extendedsubset.com/Renegotiating_TLS.pdfx_refsource_MISC
- http://support.citrix.com/article/CTX123359x_refsource_CONFIRM
- http://www.links.org/?p=786x_refsource_MISC
- http://www.links.org/?p=780x_refsource_MISC
- http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.htmlx_refsource_CONFIRM
- http://sysoev.ru/nginx/patch.cve-2009-3555.txtx_refsource_CONFIRM
- http://www.openoffice.org/security/cves/CVE-2009-3555.htmlx_refsource_CONFIRM
- http://www.links.org/?p=789x_refsource_MISC
- http://www.arubanetworks.com/support/alerts/aid-020810.txtx_refsource_CONFIRM
- http://kbase.redhat.com/faq/docs/DOC-20491x_refsource_CONFIRM
- http://www.betanews.com/article/1257452450x_refsource_MISC
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1vendor-advisoryx_refsource_SUNALERT
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1vendor-advisoryx_refsource_SUNALERT
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1vendor-advisoryx_refsource_SUNALERT
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1vendor-advisoryx_refsource_SUNALERT
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1vendor-advisoryx_refsource_SUNALERT
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686vendor-advisoryx_refsource_HP
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041vendor-advisoryx_refsource_HP
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995vendor-advisoryx_refsource_HP
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.htmlvendor-advisoryx_refsource_FEDORA
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.htmlvendor-advisoryx_refsource_FEDORA
同批安全公告 · n/a · 2009-11-09 · 共 24 条
| CVE-2009-3911 | TFTgallery 'settings.php' 跨站脚本攻击漏洞 | |
| CVE-2009-3922 | Drupal User Protect 跨站请求伪造漏洞 | |
| CVE-2009-3921 | Drupal Smartqueue OG模块安全许可和信息泄露漏洞 | |
| CVE-2009-3920 | Drupal NGP COO/CWP Integration模块访问控制和信息泄露漏洞 | |
| CVE-2009-3919 | Drupal NGP COO/CWP Integration模块安全绕过和HTML注入漏洞 | |
| CVE-2009-3918 | Drupal Zoomify模块HTML注入漏洞 | |
| CVE-2009-3917 | Drupal S5 Presentation Player模块HTML注入漏洞 | |
| CVE-2009-3916 | Drupal Node Hierarchy模块跨站脚本漏洞 | |
| CVE-2009-3915 | Drupal Link模块跨站脚本攻击漏洞 | |
| CVE-2009-3914 | Drupal Temporary Invitation模块跨站脚本漏洞 | |
| CVE-2009-3913 | Xerox Fiery WebTools 'summary.php' SQL注入漏洞 | |
| CVE-2009-3912 | TFTgallery 'index.php' 目录遍历漏洞 | |
| CVE-2009-3726 | Linux kernel 资源管理错误漏洞 | |
| CVE-2009-3886 | Sun Java SE "Java Web Start"应用未明安全漏洞 | |
| CVE-2009-3885 | Sun Java SE "BMP"方法 拒绝服务攻击漏洞 | |
| CVE-2009-3884 | Sun Java SE和OpenJDK 方法"TimeZone.getTimeZone" 信息泄露漏洞 | |
| CVE-2009-3883 | Sun Java SE和OpenJDK 特征"PL&F" 多个未明安全漏洞 | |
| CVE-2009-3882 | Sun Java SE和OpenJDK 应用"Swing" 多个未明安全漏洞 | |
| CVE-2009-3881 | Sun Java SE和OpenJDK "ClassLoader" 权限获得和信息泄露漏洞 | |
| CVE-2009-3880 | Sun Java SE和OpenJDK "Abstract Window Toolkit (AWT)" 访问控制和信息泄露漏洞 |
显示前 20 条,共 24 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2009-3555
暂无评论