Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 10/2/2014 12:32:45 PM

CVE Publication rate: 40.1

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 11.52
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2009-3555

Original release date: 11/09/2009
Last revised: 11/24/2013
Source: US-CERT/NIST

Overview

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:P) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (11/20/2009)
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC
Name: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
External Source: CONFIRM
Name: http://www.vmware.com/security/advisories/VMSA-2010-0019.html
External Source: CONFIRM
Name: http://www.ingate.com/Relnote.php?ver=481
External Source: HP
Name: SSRT100179
External Source: FEDORA
Name: FEDORA-2010-6131
External Source: SECUNIA
Name: 37291
Type: Advisory
External Source: CONFIRM
Name: http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
External Source: SECTRACK
Name: 1023275
External Source: VUPEN
Name: ADV-2011-0032
External Source: CONFIRM
Name: http://support.avaya.com/css/P8/documents/100081611
External Source: SECUNIA
Name: 40747
External Source: SECTRACK
Name: 1023216
External Source: OPENBSD
Name: [4.5] 010: SECURITY FIX: November 26, 2009
External Source: SECUNIA
Name: 40070
External Source: SECTRACK
Name: 1023212
External Source: SECUNIA
Name: 38241
External Source: CONFIRM
Name: https://bugzilla.mozilla.org/show_bug.cgi?id=545755
External Source: SUNALERT
Name: 274990
External Source: SECUNIA
Name: 38056
External Source: SECTRACK
Name: 1023205
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=533125
External Source: VUPEN
Name: ADV-2010-1107
External Source: SECUNIA
Name: 38484
External Source: SECUNIA
Name: 39500
External Source: VUPEN
Name: ADV-2010-1054
External Source: MISC
Name: http://clicky.me/tlsvuln
External Source: FEDORA
Name: FEDORA-2009-12968
External Source: OVAL
Name: oval:org.mitre.oval:def:11578
External Source: AIXAPAR
Name: PM00675
External Source: SECUNIA
Name: 41972
External Source: VUPEN
Name: ADV-2009-3484
External Source: APPLE
Name: APPLE-SA-2010-01-19-1
External Source: VUPEN
Name: ADV-2010-0086
External Source: UBUNTU
Name: USN-927-4
External Source: BUGTRAQ
Name: 20091118 TLS / SSLv3 vulnerability explained (DRAFT)
External Source: SECUNIA
Name: 42467
External Source: CONFIRM
Name: http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
External Source: SECUNIA
Name: 39292
External Source: SECTRACK
Name: 1023428
External Source: MANDRIVA
Name: MDVSA-2010:084
External Source: CONFIRM
Name: http://support.avaya.com/css/P8/documents/100114315
External Source: SECUNIA
Name: 39136
External Source: MISC
Name: http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
External Source: FEDORA
Name: FEDORA-2009-12229
External Source: MISC
Name: http://www.tombom.co.uk/blog/?p=85
External Source: SECUNIA
Name: 42379
External Source: SECTRACK
Name: 1023213
External Source: XF
Name: tls-renegotiation-weak-security(54158)
External Source: SECUNIA
Name: 43308
External Source: SECTRACK
Name: 1023210
External Source: CONFIRM
Name: http://www-01.ibm.com/support/docview.wss?uid=swg24006386
External Source: REDHAT
Name: RHSA-2010:0807
External Source: MLIST
Name: [oss-security] 20091120 CVEs for nginx
External Source: SECTRACK
Name: 1023163
External Source: CONFIRM
Name: http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
External Source: MLIST
Name: [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation
External Source: REDHAT
Name: RHSA-2010:0987
External Source: REDHAT
Name: RHSA-2010:0167
External Source: SECUNIA
Name: 37604
External Source: SECTRACK
Name: 1023207
External Source: REDHAT
Name: RHSA-2010:0155
External Source: REDHAT
Name: RHSA-2010:0119
External Source: FEDORA
Name: FEDORA-2010-16312
External Source: REDHAT
Name: RHSA-2010:0786
External Source: SECUNIA
Name: 37399
External Source: MISC
Name: http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
External Source: REDHAT
Name: RHSA-2010:0339
External Source: SECUNIA
Name: 42377
External Source: OSVDB
Name: 60521
External Source: SECUNIA
Name: 38687
External Source: SUSE
Name: SUSE-SA:2009:057
External Source: VUPEN
Name: ADV-2009-3521
External Source: SLACKWARE
Name: SSA:2009-320-01
External Source: FEDORA
Name: FEDORA-2009-12750
External Source: FEDORA
Name: FEDORA-2010-16240
External Source: SECUNIA
Name: 41490
External Source: SECTRACK
Name: 1023218
External Source: HP
Name: SSRT090249
External Source: MLIST
Name: [gnutls-devel] 20091105 Re: TLS renegotiation MITM
External Source: REDHAT
Name: RHSA-2011:0880
External Source: VUPEN
Name: ADV-2009-3353
External Source: SUSE
Name: openSUSE-SU-2011:0845
External Source: SECTRACK
Name: 1023219
External Source: CONFIRM
Name: http://support.avaya.com/css/P8/documents/100070150
External Source: SECUNIA
Name: 37453
External Source: DEBIAN
Name: DSA-2141
External Source: SECUNIA
Name: 39713
External Source: SECTRACK
Name: 1023273
External Source: CONFIRM
Name: http://www.vmware.com/security/advisories/VMSA-2011-0003.html
External Source: CONFIRM
Name: http://www-01.ibm.com/support/docview.wss?uid=swg24025312
External Source: SECTRACK
Name: 1023217
External Source: HP
Name: HPSBGN02562
External Source: REDHAT
Name: RHSA-2010:0338
External Source: MISC
Name: https://bugzilla.mozilla.org/show_bug.cgi?id=526689
External Source: OVAL
Name: oval:org.mitre.oval:def:7315
External Source: MANDRIVA
Name: MDVSA-2010:076
External Source: OSVDB
Name: 65202
External Source: MANDRIVA
Name: MDVSA-2010:089
External Source: CONFIRM
Name: http://support.apple.com/kb/HT4170
External Source: SECUNIA
Name: 42733
External Source: UBUNTU
Name: USN-927-5
External Source: MISC
Name: https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
External Source: REDHAT
Name: RHSA-2010:0768
External Source: MISC
Name: http://www.betanews.com/article/1257452450
External Source: SECTRACK
Name: 1023427
External Source: SUSE
Name: SUSE-SR:2010:008
External Source: MLIST
Name: [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
External Source: MLIST
Name: [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks
External Source: MLIST
Name: [oss-security] 20091123 Re: CVEs for nginx
External Source: SUSE
Name: SUSE-SR:2010:013
External Source: CONFIRM
Name: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
External Source: HP
Name: SSRT090180
External Source: SECUNIA
Name: 42808
External Source: CISCO
Name: 20091109 Transport Layer Security Renegotiation Vulnerability
External Source: SECTRACK
Name: 1023270
External Source: CONFIRM
Name: http://www-01.ibm.com/support/docview.wss?uid=swg21432298
External Source: VUPEN
Name: ADV-2010-1639
External Source: CONFIRM
Name: http://support.avaya.com/css/P8/documents/100114327
External Source: OVAL
Name: oval:org.mitre.oval:def:7478
External Source: OPENBSD
Name: [4.6] 004: SECURITY FIX: November 26, 2009
External Source: SECUNIA
Name: 37320
Type: Advisory
External Source: SECUNIA
Name: 39628
External Source: SUNALERT
Name: 273029
External Source: BUGTRAQ
Name: 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
External Source: VUPEN
Name: ADV-2010-0933
External Source: SUSE
Name: SUSE-SR:2010:019
External Source: MLIST
Name: [tls] 20091104 TLS renegotiation issue
External Source: VUPEN
Name: ADV-2010-2745
External Source: CONFIRM
Name: https://kb.bluecoat.com/index?page=content&id=SA50
External Source: SECUNIA
Name: 37656
External Source: VUPEN
Name: ADV-2010-0916
External Source: GENTOO
Name: GLSA-201203-22
External Source: SECUNIA
Name: 42724
External Source: SUSE
Name: SUSE-SU-2011:0847
External Source: SECUNIA
Name: 38781
External Source: SECUNIA
Name: 44954
External Source: BUGTRAQ
Name: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
External Source: CONFIRM
Name: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
External Source: AIXAPAR
Name: IC68054
External Source: HP
Name: HPSBHF02706
External Source: MLIST
Name: [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks
External Source: SECTRACK
Name: 1023209
External Source: FEDORA
Name: FEDORA-2010-5357
External Source: SECUNIA
Name: 40545
External Source: FEDORA
Name: FEDORA-2009-12606
External Source: HP
Name: HPSBMU02759
External Source: SECTRACK
Name: 1024789
External Source: VUPEN
Name: ADV-2011-0086
External Source: MLIST
Name: [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks
External Source: FEDORA
Name: FEDORA-2009-12604
External Source: FULLDISC
Name: 20091111 Re: SSL/TLS MiTM PoC
External Source: SECUNIA
Name: 48577
US-CERT Vulnerability Note: CERT
Name: TA10-287A
External Source: VUPEN
Name: ADV-2009-3310
External Source: CONFIRM
Name: http://www-01.ibm.com/support/docview.wss?uid=swg21426108
External Source: VUPEN
Name: ADV-2010-1191
External Source: SUNALERT
Name: 1021653
External Source: VUPEN
Name: ADV-2010-0982
External Source: OVAL
Name: oval:org.mitre.oval:def:8535
External Source: SECUNIA
Name: 37675
External Source: SECUNIA
Name: 38003
External Source: VUPEN
Name: ADV-2009-3165
Type: Advisory
External Source: SECUNIA
Name: 37504
External Source: AIXAPAR
Name: IC68055
External Source: MISC
Name: http://extendedsubset.com/?p=8
External Source: HP
Name: SSRT100817
External Source: SECUNIA
Name: 44183
External Source: CONFIRM
Name: http://www.openoffice.org/security/cves/CVE-2009-3555.html
External Source: SECUNIA
Name: 42816
External Source: MISC
Name: http://extendedsubset.com/Renegotiating_TLS.pdf
External Source: SECUNIA
Name: 37501
External Source: SECTRACK
Name: 1023211
External Source: SUNALERT
Name: 1021752
External Source: SECUNIA
Name: 37383
External Source: SECTRACK
Name: 1023208
External Source: CONFIRM
Name: http://support.citrix.com/article/CTX123359
External Source: SECUNIA
Name: 39243
External Source: SECUNIA
Name: 37640
External Source: CONFIRM
Name: http://support.apple.com/kb/HT4004
External Source: BID
Name: 36935
Type: Patch Information; Exploit
External Source: SECTRACK
Name: 1023271
US-CERT Vulnerability Note: CERT-VN
Name: VU#120541
External Source: REDHAT
Name: RHSA-2010:0337
External Source: SECUNIA
Name: 39632
External Source: MLIST
Name: [cryptography] 20091105 OpenSSL 0.9.8l released
External Source: BUGTRAQ
Name: 20091124 rPSA-2009-0155-1 httpd mod_ssl
External Source: VUPEN
Name: ADV-2010-3126
External Source: UBUNTU
Name: USN-923-1
External Source: SECUNIA
Name: 37292
Type: Advisory
External Source: SECUNIA
Name: 39819
External Source: GENTOO
Name: GLSA-200912-01
External Source: VUPEN
Name: ADV-2009-3354
External Source: VUPEN
Name: ADV-2011-0033
External Source: FEDORA
Name: FEDORA-2009-12305
External Source: VUPEN
Name: ADV-2010-3086
External Source: VUPEN
Name: ADV-2010-0173
External Source: VUPEN
Name: ADV-2010-2010
External Source: FEDORA
Name: FEDORA-2010-5942
External Source: BUGTRAQ
Name: 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)
External Source: SECTRACK
Name: 1023243
External Source: VUPEN
Name: ADV-2010-0994
External Source: SUSE
Name: SUSE-SR:2010:012
External Source: MS
Name: MS10-049
External Source: SECTRACK
Name: 1023214
External Source: OVAL
Name: oval:org.mitre.oval:def:8366
External Source: VUPEN
Name: ADV-2010-1673
External Source: SUSE
Name: SUSE-SR:2010:024
External Source: UBUNTU
Name: USN-927-1
External Source: VUPEN
Name: ADV-2009-3164
Type: Advisory
External Source: MISC
Name: http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
External Source: MISC
Name: http://blogs.iss.net/archive/sslmitmiscsrf.html
External Source: REDHAT
Name: RHSA-2010:0130
External Source: SECUNIA
Name: 39127
External Source: APPLE
Name: APPLE-SA-2010-05-18-1
External Source: MISC
Name: http://www.links.org/?p=789
External Source: AIXAPAR
Name: PM12247
External Source: SECUNIA
Name: 37859
External Source: VUPEN
Name: ADV-2010-0748
External Source: HP
Name: HPSBUX02482
External Source: CONFIRM
Name: http://www.opera.com/support/search/view/944/
External Source: BUGTRAQ
Name: 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities
External Source: CONFIRM
Name: http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
External Source: OSVDB
Name: 60972
External Source: SUNALERT
Name: 273350
External Source: VUPEN
Name: ADV-2010-1350
US-CERT Vulnerability Note: CERT
Name: TA10-222A
External Source: SECTRACK
Name: 1023274
External Source: CONFIRM
Name: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
External Source: REDHAT
Name: RHSA-2010:0165
External Source: SECUNIA
Name: 38020
External Source: FEDORA
Name: FEDORA-2010-16294
External Source: CONFIRM
Name: http://support.apple.com/kb/HT4171
External Source: HP
Name: SSRT090208
External Source: SECTRACK
Name: 1023224
External Source: HP
Name: HPSBMA02534
External Source: FEDORA
Name: FEDORA-2009-12782
External Source: REDHAT
Name: RHSA-2010:0865
External Source: OVAL
Name: oval:org.mitre.oval:def:11617
External Source: MISC
Name: http://www.links.org/?p=780
External Source: HP
Name: HPSBMA02568
External Source: SECTRACK
Name: 1023272
External Source: SECUNIA
Name: 42811
External Source: APPLE
Name: APPLE-SA-2010-05-18-2
External Source: SUSE
Name: SUSE-SA:2010:061
External Source: SECTRACK
Name: 1023204
External Source: SECTRACK
Name: 1023148
External Source: VUPEN
Name: ADV-2009-3220
Type: Advisory
External Source: SECUNIA
Name: 41967
External Source: SECUNIA
Name: 39278
External Source: VUPEN
Name: ADV-2009-3313
External Source: SECTRACK
Name: 1023411
External Source: HP
Name: HPSBOV02683
External Source: VUPEN
Name: ADV-2010-0848
External Source: CONFIRM
Name: http://sysoev.ru/nginx/patch.cve-2009-3555.txt
External Source: UBUNTU
Name: USN-1010-1
External Source: SUSE
Name: SUSE-SR:2010:011
External Source: SECTRACK
Name: 1023206
External Source: AIXAPAR
Name: IC67848
External Source: MLIST
Name: [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation
External Source: SECUNIA
Name: 39461
External Source: OVAL
Name: oval:org.mitre.oval:def:7973
External Source: OVAL
Name: oval:org.mitre.oval:def:10088
External Source: CONFIRM
Name: http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
External Source: SECTRACK
Name: 1023426
External Source: REDHAT
Name: RHSA-2010:0986
External Source: HP
Name: SSRT100613
External Source: SECTRACK
Name: 1023215
External Source: VUPEN
Name: ADV-2010-1793
External Source: CONFIRM
Name: http://www.opera.com/docs/changelogs/unix/1060/
External Source: MISC
Name: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
External Source: CONFIRM
Name: http://www.arubanetworks.com/support/alerts/aid-020810.txt
External Source: VUPEN
Name: ADV-2009-3587
External Source: CONFIRM
Name: http://wiki.rpath.com/Advisories:rPSA-2009-0155
External Source: SECUNIA
Name: 40866
External Source: FEDORA
Name: FEDORA-2009-12775
External Source: REDHAT
Name: RHSA-2010:0770
External Source: HP
Name: SSRT100219
External Source: DEBIAN
Name: DSA-1934
External Source: HP
Name: HPSBMA02547
External Source: VUPEN
Name: ADV-2010-3069
External Source: SECUNIA
Name: 41480
External Source: MISC
Name: http://www.links.org/?p=786
External Source: CONFIRM
Name: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
External Source: CONFIRM
Name: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
External Source: CONFIRM
Name: http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
External Source: CONFIRM
Name: http://kbase.redhat.com/faq/docs/DOC-20491
External Source: VUPEN
Name: ADV-2009-3205
Type: Advisory
External Source: SECUNIA
Name: 39242
External Source: OSVDB
Name: 62210
External Source: SECUNIA
Name: 39317

References to Check Content

Identifier: oval:org.mitre.oval:def:10088
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:11578
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:11617
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:7315
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:7478
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:7973
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:8366
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Identifier: oval:org.mitre.oval:def:8535
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5

Vulnerable software and versions

Skip Navigation Links.
Collapse Configuration 1Configuration 1
Collapse ANDAND
Collapse OROR
* cpe:/a:microsoft:iis:7.0
* cpe:/a:apache:http_server:2.0.46
* cpe:/a:apache:http_server:2.0.45
* cpe:/a:apache:http_server:2.0.44
* cpe:/a:apache:http_server:2.0.43
* cpe:/a:apache:http_server:2.0.42
* cpe:/a:apache:http_server:2.0.41
* cpe:/a:apache:http_server:2.0.40
* cpe:/a:apache:http_server:2.0.39
* cpe:/a:apache:http_server:2.0.38
* cpe:/a:apache:http_server:2.0.37
* cpe:/a:apache:http_server:2.0.36
* cpe:/a:apache:http_server:2.0.35
* cpe:/a:apache:http_server:2.0.34:beta
* cpe:/a:apache:http_server:2.0.32:beta
* cpe:/a:apache:http_server:2.0.32
* cpe:/a:apache:http_server:2.0.28:beta
* cpe:/a:apache:http_server:2.0.28
* cpe:/a:apache:http_server:2.0
* cpe:/a:apache:http_server:1.99
* cpe:/a:apache:http_server:1.4.0
* cpe:/a:apache:http_server:1.3.9
* cpe:/a:apache:http_server:1.3.8
* cpe:/a:apache:http_server:1.3.7::dev
* cpe:/a:apache:http_server:1.3.7
* cpe:/a:apache:http_server:1.3.68
* cpe:/a:apache:http_server:1.3.65
* cpe:/a:apache:http_server:1.3.6
* cpe:/a:apache:http_server:1.3.5
* cpe:/a:apache:http_server:1.3.4
* cpe:/a:apache:http_server:1.3.39
* cpe:/a:apache:http_server:1.3.38
* cpe:/a:apache:http_server:1.3.37
* cpe:/a:apache:http_server:1.3.36
* cpe:/a:apache:http_server:1.3.35
* cpe:/a:apache:http_server:1.3.34
* cpe:/a:apache:http_server:1.3.33
* cpe:/a:apache:http_server:1.3.32
* cpe:/a:apache:http_server:1.3.31
* cpe:/a:apache:http_server:1.3.30
* cpe:/a:apache:http_server:1.3.3
* cpe:/a:apache:http_server:1.3.29
* cpe:/a:apache:http_server:1.3.28
* cpe:/a:apache:http_server:1.3.27
* cpe:/a:apache:http_server:1.3.26
* cpe:/a:apache:http_server:1.3.25
* cpe:/a:apache:http_server:1.3.24
* cpe:/a:apache:http_server:1.3.23
* cpe:/a:apache:http_server:1.3.22
* cpe:/a:apache:http_server:1.3.20
* cpe:/a:apache:http_server:1.3.2
* cpe:/a:apache:http_server:1.3.19
* cpe:/a:apache:http_server:1.3.18
* cpe:/a:apache:http_server:1.3.17
* cpe:/a:apache:http_server:1.3.16
* cpe:/a:apache:http_server:1.3.15
* cpe:/a:apache:http_server:1.3.14
* cpe:/a:apache:http_server:1.3.13
* cpe:/a:apache:http_server:1.3.12
* cpe:/a:apache:http_server:1.3.11
* cpe:/a:apache:http_server:1.3.1.1
* cpe:/a:apache:http_server:1.3.0
* cpe:/a:apache:http_server:1.3
* cpe:/a:apache:http_server:1.2.6
* cpe:/a:apache:http_server:1.2.5
* cpe:/a:apache:http_server:1.2.4
* cpe:/a:apache:http_server:1.2
* cpe:/a:apache:http_server:1.1.1
* cpe:/a:apache:http_server:1.0.5
* cpe:/a:apache:http_server:1.0.3
* cpe:/a:apache:http_server:1.0.2
* cpe:/a:apache:http_server:1.0
* cpe:/a:apache:http_server:0.8.14
* cpe:/a:apache:http_server:0.8.11
* cpe:/a:apache:http_server:2.2.8
* cpe:/a:apache:http_server:2.2.7
* cpe:/a:apache:http_server:2.2.6
* cpe:/a:apache:http_server:2.2.5
* cpe:/a:apache:http_server:2.2.4
* cpe:/a:apache:http_server:2.2.3
* cpe:/a:apache:http_server:2.2.2
* cpe:/a:apache:http_server:2.2.12
* cpe:/a:apache:http_server:2.2.11
* cpe:/a:apache:http_server:2.2.10
* cpe:/a:apache:http_server:2.2.1
* cpe:/a:apache:http_server:2.2.0
* cpe:/a:apache:http_server:2.2
* cpe:/a:apache:http_server:2.1.9
* cpe:/a:apache:http_server:2.1.8
* cpe:/a:apache:http_server:2.1.7
* cpe:/a:apache:http_server:2.1.6
* cpe:/a:apache:http_server:2.1.5
* cpe:/a:apache:http_server:2.1.4
* cpe:/a:apache:http_server:2.1.3
* cpe:/a:apache:http_server:2.1.2
* cpe:/a:apache:http_server:2.1.1
* cpe:/a:apache:http_server:2.0.9
* cpe:/a:apache:http_server:2.0.63
* cpe:/a:apache:http_server:2.0.61
* cpe:/a:apache:http_server:2.0.60
* cpe:/a:apache:http_server:2.0.59
* cpe:/a:apache:http_server:2.0.58::win32
* cpe:/a:apache:http_server:2.0.58
* cpe:/a:apache:http_server:2.0.57
* cpe:/a:apache:http_server:2.0.56
* cpe:/a:apache:http_server:2.0.55
* cpe:/a:apache:http_server:2.0.54
* cpe:/a:apache:http_server:2.0.53
* cpe:/a:apache:http_server:2.0.52
* cpe:/a:apache:http_server:2.0.51
* cpe:/a:apache:http_server:2.0.50
* cpe:/a:apache:http_server:2.0.49
* cpe:/a:apache:http_server:2.0.48
* cpe:/a:apache:http_server:2.0.47
* cpe:/a:apache:http_server:2.0.46::win32
* cpe:/a:apache:http_server:2.2.13 and previous versions
* cpe:/a:openssl:openssl:0.9.5:beta2
* cpe:/a:openssl:openssl:0.9.5a
* cpe:/a:openssl:openssl:0.9.5a:beta1
* cpe:/a:openssl:openssl:0.9.5a:beta2
* cpe:/a:openssl:openssl:0.9.3a
* cpe:/a:openssl:openssl:0.9.4
* cpe:/a:openssl:openssl:0.9.5
* cpe:/a:openssl:openssl:0.9.5:beta1
* cpe:/a:openssl:openssl:0.9.6a
* cpe:/a:openssl:openssl:0.9.6a:beta1
* cpe:/a:openssl:openssl:0.9.6a:beta2
* cpe:/a:openssl:openssl:0.9.6a:beta3
* cpe:/a:openssl:openssl:0.9.6
* cpe:/a:openssl:openssl:0.9.6:beta1
* cpe:/a:openssl:openssl:0.9.6:beta2
* cpe:/a:openssl:openssl:0.9.6:beta3
* cpe:/a:openssl:openssl:0.9.6g
* cpe:/a:openssl:openssl:0.9.6f
* cpe:/a:openssl:openssl:0.9.6i
* cpe:/a:openssl:openssl:0.9.6h
* cpe:/a:openssl:openssl:0.9.6c
* cpe:/a:openssl:openssl:0.9.6b
* cpe:/a:openssl:openssl:0.9.6e
* cpe:/a:openssl:openssl:0.9.6d
* cpe:/a:openssl:openssl:0.9.7:beta1
* cpe:/a:openssl:openssl:0.9.7
* cpe:/a:openssl:openssl:0.9.7:beta3
* cpe:/a:openssl:openssl:0.9.7:beta2
* cpe:/a:openssl:openssl:0.9.6k
* cpe:/a:openssl:openssl:0.9.6j
* cpe:/a:openssl:openssl:0.9.6m
* cpe:/a:openssl:openssl:0.9.6l
* cpe:/a:openssl:openssl:0.9.3
* cpe:/a:openssl:openssl:0.9.2b
* cpe:/a:openssl:openssl:0.9.1c
* cpe:/a:openssl:openssl:0.9.7m
* cpe:/a:openssl:openssl:0.9.7:beta6
* cpe:/a:openssl:openssl:0.9.7a
* cpe:/a:openssl:openssl:0.9.7:beta4
* cpe:/a:openssl:openssl:0.9.7:beta5
* cpe:/a:openssl:openssl:0.9.7d
* cpe:/a:openssl:openssl:0.9.7e
* cpe:/a:openssl:openssl:0.9.7b
* cpe:/a:openssl:openssl:0.9.7c
* cpe:/a:openssl:openssl:0.9.7h
* cpe:/a:openssl:openssl:0.9.7i
* cpe:/a:openssl:openssl:0.9.7f
* cpe:/a:openssl:openssl:0.9.7g
* cpe:/a:openssl:openssl:0.9.8
* cpe:/a:openssl:openssl:0.9.8a
* cpe:/a:openssl:openssl:0.9.7j
* cpe:/a:openssl:openssl:0.9.7k
* cpe:/a:openssl:openssl:1.0::openvms
* cpe:/a:openssl:openssl:0.9.8e
* cpe:/a:openssl:openssl:0.9.8c
* cpe:/a:openssl:openssl:0.9.8b
* cpe:/a:openssl:openssl:0.9.8f
* cpe:/a:openssl:openssl:0.9.7l
* cpe:/a:openssl:openssl:0.9.8d
* cpe:/a:openssl:openssl:0.9.8g
* cpe:/a:openssl:openssl:0.9.8h and previous versions
* cpe:/a:gnu:gnutls:1.0.22
* cpe:/a:gnu:gnutls:1.0.23
* cpe:/a:gnu:gnutls:1.0.20
* cpe:/a:gnu:gnutls:1.0.21
* cpe:/a:gnu:gnutls:1.0.18
* cpe:/a:gnu:gnutls:1.0.19
* cpe:/a:gnu:gnutls:1.0.16
* cpe:/a:gnu:gnutls:1.0.17
* cpe:/a:gnu:gnutls:1.1.18
* cpe:/a:gnu:gnutls:1.1.19
* cpe:/a:gnu:gnutls:1.1.16
* cpe:/a:gnu:gnutls:1.1.17
* cpe:/a:gnu:gnutls:1.1.14
* cpe:/a:gnu:gnutls:1.1.15
* cpe:/a:gnu:gnutls:1.0.24
* cpe:/a:gnu:gnutls:1.0.25
* cpe:/a:gnu:gnutls:1.1.21
* cpe:/a:gnu:gnutls:1.1.20
* cpe:/a:gnu:gnutls:1.1.23
* cpe:/a:gnu:gnutls:1.1.22
* cpe:/a:gnu:gnutls:1.2.1
* cpe:/a:gnu:gnutls:1.2.0
* cpe:/a:gnu:gnutls:1.2.11
* cpe:/a:gnu:gnutls:1.2.10
* cpe:/a:gnu:gnutls:1.2.3
* cpe:/a:gnu:gnutls:1.2.2
* cpe:/a:gnu:gnutls:1.2.5
* cpe:/a:gnu:gnutls:1.2.4
* cpe:/a:gnu:gnutls:1.2.7
* cpe:/a:gnu:gnutls:1.2.6
* cpe:/a:gnu:gnutls:1.2.8.1a1
* cpe:/a:gnu:gnutls:1.2.8
* cpe:/a:gnu:gnutls:1.2.9
* cpe:/a:gnu:gnutls:1.3.0
* cpe:/a:gnu:gnutls:1.3.1
* cpe:/a:gnu:gnutls:1.3.2
* cpe:/a:gnu:gnutls:1.3.3
* cpe:/a:gnu:gnutls:1.3.4
* cpe:/a:gnu:gnutls:1.3.5
* cpe:/a:gnu:gnutls:1.4.0
* cpe:/a:gnu:gnutls:1.4.1
* cpe:/a:gnu:gnutls:1.4.5
* cpe:/a:gnu:gnutls:1.6.3
* cpe:/a:gnu:gnutls:1.7.14
* cpe:/a:gnu:gnutls:2.2.2
* cpe:/a:gnu:gnutls:1.7.15
* cpe:/a:gnu:gnutls:2.2.1
* cpe:/a:gnu:gnutls:1.7.12
* cpe:/a:gnu:gnutls:2.2.0
* cpe:/a:gnu:gnutls:1.7.13
* cpe:/a:gnu:gnutls:2.0.4
* cpe:/a:gnu:gnutls:1.1.13
* cpe:/a:gnu:gnutls:1.7.18
* cpe:/a:gnu:gnutls:1.7.19
* cpe:/a:gnu:gnutls:2.2.5
* cpe:/a:gnu:gnutls:1.7.16
* cpe:/a:gnu:gnutls:2.2.4
* cpe:/a:gnu:gnutls:1.7.17
* cpe:/a:gnu:gnutls:2.2.3
* cpe:/a:gnu:gnutls:1.5.0
* cpe:/a:gnu:gnutls:2.0.2
* cpe:/a:gnu:gnutls:1.4.4
* cpe:/a:gnu:gnutls:2.0.3
* cpe:/a:gnu:gnutls:1.4.3
* cpe:/a:gnu:gnutls:2.0.0
* cpe:/a:gnu:gnutls:1.4.2
* cpe:/a:gnu:gnutls:2.0.1
* cpe:/a:gnu:gnutls:1.5.4
* cpe:/a:gnu:gnutls:2.1.2
* cpe:/a:gnu:gnutls:1.5.3
* cpe:/a:gnu:gnutls:2.1.3
* cpe:/a:gnu:gnutls:1.5.2
* cpe:/a:gnu:gnutls:2.1.0
* cpe:/a:gnu:gnutls:1.5.1
* cpe:/a:gnu:gnutls:2.1.1
* cpe:/a:gnu:gnutls:1.6.1
* cpe:/a:gnu:gnutls:2.1.7
* cpe:/a:gnu:gnutls:1.6.2
* cpe:/a:gnu:gnutls:2.1.6
* cpe:/a:gnu:gnutls:1.5.5
* cpe:/a:gnu:gnutls:2.1.5
* cpe:/a:gnu:gnutls:1.6.0
* cpe:/a:gnu:gnutls:2.1.4
* cpe:/a:gnu:gnutls:1.7.2
* cpe:/a:gnu:gnutls:1.7.3
* cpe:/a:gnu:gnutls:2.3.1
* cpe:/a:gnu:gnutls:1.7.0
* cpe:/a:gnu:gnutls:2.3.0
* cpe:/a:gnu:gnutls:1.7.1
* cpe:/a:gnu:gnutls:2.1.8
* cpe:/a:gnu:gnutls:1.7.6
* cpe:/a:gnu:gnutls:1.7.7
* cpe:/a:gnu:gnutls:1.7.4
* cpe:/a:gnu:gnutls:1.7.5
* cpe:/a:gnu:gnutls:1.7.10
* cpe:/a:gnu:gnutls:2.3.10
* cpe:/a:gnu:gnutls:1.7.11
* cpe:/a:gnu:gnutls:1.7.8
* cpe:/a:gnu:gnutls:1.7.9
* cpe:/a:gnu:gnutls:2.5.0
* cpe:/a:gnu:gnutls:2.6.0
* cpe:/a:gnu:gnutls:2.4.0
* cpe:/a:gnu:gnutls:2.6.2
* cpe:/a:gnu:gnutls:2.6.3
* cpe:/a:gnu:gnutls:2.6.4
* cpe:/a:gnu:gnutls:2.6.5
* cpe:/a:gnu:gnutls:2.4.2
* cpe:/a:gnu:gnutls:2.4.1
* cpe:/a:gnu:gnutls:2.6.6
* cpe:/a:gnu:gnutls:2.8.0
* cpe:/a:gnu:gnutls:2.6.1
* cpe:/a:gnu:gnutls:2.3.11
* cpe:/a:gnu:gnutls:2.3.2
* cpe:/a:gnu:gnutls:2.3.6
* cpe:/a:gnu:gnutls:2.3.5
* cpe:/a:gnu:gnutls:2.3.4
* cpe:/a:gnu:gnutls:2.3.3
* cpe:/a:gnu:gnutls:2.3.9
* cpe:/a:gnu:gnutls:2.3.8
* cpe:/a:gnu:gnutls:2.3.7
* cpe:/a:gnu:gnutls:2.8.1 and previous versions
* cpe:/a:mozilla:nss:3.11.8
* cpe:/a:mozilla:nss:3.11.2
* cpe:/a:mozilla:nss:3.6
* cpe:/a:mozilla:nss:3.12
* cpe:/a:mozilla:nss:3.11.7
* cpe:/a:mozilla:nss:3.4
* cpe:/a:mozilla:nss:3.11.4
* cpe:/a:mozilla:nss:3.0
* cpe:/a:mozilla:nss:3.7.7
* cpe:/a:mozilla:nss:3.9
* cpe:/a:mozilla:nss:3.7
* cpe:/a:mozilla:nss:3.7.5
* cpe:/a:mozilla:nss:3.7.2
* cpe:/a:mozilla:nss:3.7.1
* cpe:/a:mozilla:nss:3.8
* cpe:/a:mozilla:nss:3.7.3
* cpe:/a:mozilla:nss:3.5
* cpe:/a:mozilla:nss:3.12.1
* cpe:/a:mozilla:nss:3.4.3
* cpe:/a:mozilla:nss:3.4.2
* cpe:/a:mozilla:nss:3.6.1
* cpe:/a:mozilla:nss:3.4.1
* cpe:/a:mozilla:nss:3.9.5
* cpe:/a:mozilla:nss:3.10
* cpe:/a:mozilla:nss:3.3.2
* cpe:/a:mozilla:nss:3.3.1
* cpe:/a:mozilla:nss:3.3
* cpe:/a:mozilla:nss:3.2.1
* cpe:/a:mozilla:nss:3.2
* cpe:/a:mozilla:nss:3.12.2 and previous versions
OR
* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)