CVE-2009-3555

CRITICAL EXPLOITED

Apache HTTP Server < 2.2.14 - Plaintext Injection via TLS Renegotiation

Title source: llm

Exploitation Summary

CVE-2009-3555 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including RedTeam Pentesting, Dan Kaminsky, and johnwchadwick.

AI-analyzed exploit summary: This is a proof-of-concept exploit for CVE-2009-3555, the TLS renegotiation vulnerability. It acts as a man-in-the-middle to inject arbitrary data into a TLS session by exploiting the renegotiation flaw.

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Exploits (3)

exploitdb WORKING POC VERIFIED
by RedTeam Pentesting · python · remote · multiple
https://www.exploit-db.com/exploits/10579

This is a proof-of-concept exploit for CVE-2009-3555, the TLS renegotiation vulnerability. It acts as a man-in-the-middle to inject arbitrary data into a TLS session by exploiting the renegotiation flaw.

Classification
Working Poc 95%
Attack Type: Other
Complexity: Complex
Reliability: Reliable
Target: TLS/SSL implementations (e.g., OpenSSL, browsers, servers)
No auth needed
Prerequisites: Network access to intercept TLS traffic · Victim initiating a TLS connection
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Dan Kaminsky · text · remote · multiple
https://www.exploit-db.com/exploits/10071

This exploit demonstrates CVE-2009-3555, a vulnerability in Mozilla Network Security Services (NSS) where a NULL byte in a certificate's Common Name (CN) allows domain validation bypass. The provided RSA private key and certificate request show a crafted certificate with a NULL byte in the CN field, enabling man-in-the-middle attacks.

Classification
Working Poc 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Mozilla Network Security Services (NSS) (used by Firefox, Thunderbird, etc.)
No auth needed
Prerequisites: Ability to generate a crafted certificate with a NULL byte in the CN field · Position to perform a man-in-the-middle attack
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 3 stars
by johnwchadwick · remote
https://github.com/johnwchadwick/cve-2009-3555-test-server

This repository contains a TLS server implementation with a modified Go TLS stack that disables the renegotiation indication extension, triggering CVE-2009-3555 mitigations in OpenSSL 3.0+. It serves as a test server to verify client behavior when connecting to servers with insecure renegotiation configurations.

Classification
Working Poc 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: OpenSSL 3.0+
No auth needed
Prerequisites: Go environment · TLS client that enforces renegotiation security
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.8
EPSS 0.0374
EPSS Percentile 88.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2009-11-18
CWE: CWE-295, CWE-300
Status published
Products (24)
apache/http_server < 2.2.14
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
debian/debian_linux 4.0
debian/debian_linux 5.0
debian/debian_linux 6.0
... and 14 more
Published Nov 09, 2009
Tracked Since Feb 18, 2026