Vulnerability Scan detecting CVE-2009-3555
Created On 04/28/22 15:10 PM - Last Modified 12/15/22 22:54 PM
Symptom
Vulnerability scanner shows CVE-2009-3555 / TLS Session Renegotiation Vulnerability
Environment
- Palo Alto Firewall and Panorama
- PAN-OS 9.0 and above
- CVE-2009-3555 / TLS Session Renegotiation Vulnerability
Cause
The vulnerability scanner reports the PAN-OS device as susceptible to CVE-2009-3555
Resolution
- CVE-2009-3555 impacts, among others, mod_ssl in the Apache HTTP Server versions 2.2.14 and earlier and OpenSSL versions before 0.9.8l
- PAN-OS releases 8.1 and lower use PHP and AppWeb, which are not vulnerable. They also use OpenSSL version 1.0.1e, which is not vulnerable.
- Starting in 9.0, PAN-OS uses Apache HTTP Server 2.4.6 and OpenSSL version 1.0.1e, which are not vulnerable.
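The comparison behind this resolution can be scripted when triaging the scanner finding. The following is an added example, not Palo Alto Networks code: the function and variable names are hypothetical, and the version data is only what this article states.

```python
import re

# Affected ranges exactly as stated in the Resolution section for CVE-2009-3555.
AFFECTED = {
    "apache": ("<=", "2.2.14"),  # mod_ssl in Apache HTTP Server 2.2.14 and earlier
    "openssl": ("<", "0.9.8l"),  # OpenSSL before 0.9.8l
}

# Component versions the article gives per PAN-OS release line.
PANOS_8_1_AND_LOWER = {"openssl": "1.0.1e"}
PANOS_9_0_AND_ABOVE = {"apache": "2.4.6", "openssl": "1.0.1e"}


def version_key(version):
    """Sortable key for '2.4.6' or OpenSSL-style '0.9.8l' (letter = patch level)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # pad so '2.4' and '2.4.0' compare equal
    return tuple(nums), m.group(2)


def is_affected(component, version):
    """True when the version falls inside the affected range for the component."""
    op, bound = AFFECTED[component]
    v, b = version_key(version), version_key(bound)
    return v <= b if op == "<=" else v < b


def triage(inventory):
    """Map each listed component to (version, affected) for a scanner finding."""
    return {c: (v, is_affected(c, v)) for c, v in inventory.items() if c in AFFECTED}


if __name__ == "__main__":
    for name, inv in [("PAN-OS 8.1 and lower", PANOS_8_1_AND_LOWER),
                      ("PAN-OS 9.0 and above", PANOS_9_0_AND_ABOVE)]:
        for comp, (ver, hit) in triage(inv).items():
            print(f"{name}: {comp} {ver} -> {'AFFECTED' if hit else 'not affected'}")
```

This only checks the stated component versions against the stated affected ranges; it does not probe the TLS service itself.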
Additional Information
Open-Source Software (OSS) listings for PAN-OS and Panorama are listed below