
CVE-2010-4180
Date: (C)2010-12-06   (M)2018-09-27


OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1024822
SECUNIA-42469
SECUNIA-42473
SECUNIA-42493
SECUNIA-42571
SECUNIA-42620
SECUNIA-42811
SECUNIA-42877
SECUNIA-43169
SECUNIA-43170
SECUNIA-43171
SECUNIA-43172
SECUNIA-43173
SECUNIA-44269
BID-45164
OSVDB-69565
ADV-2010-3120
ADV-2010-3122
ADV-2010-3134
ADV-2010-3188
ADV-2011-0032
ADV-2011-0076
ADV-2011-0268
APPLE-SA-2011-06-23-1
DSA-2141
FEDORA-2010-18736
FEDORA-2010-18765
HPSBHF02706
HPSBMA02658
HPSBMU02759
IAVM:2011-A-0149
IAVM:2011-A-0160
IAVM:2012-A-0148
IAVM:2012-A-0153
IAVM:2012-B-0038
MDVSA-2010:248
RHSA-2010:0977
RHSA-2010:0978
RHSA-2010:0979
RHSA-2011:0896
SSA:2010-340-01
SSRT100339
SSRT100413
SSRT100475
SSRT100613
SSRT100817
SUSE-SR:2011:001
SUSE-SR:2011:009
SUSE-SU-2011:0847
USN-1029-1
VU#737740
http://cvs.openssl.org/chngview?cn=20131
http://openssl.org/news/secadv_20101202.txt
http://support.apple.com/kb/HT4723
https://bugzilla.redhat.com/show_bug.cgi?id=659462
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
openSUSE-SU-2011:0845

CPE    76
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta4
cpe:/a:openssl:openssl:1.0.0:beta3
cpe:/a:openssl:openssl:1.0.0:beta5
...
OVAL    21
oval:org.secpod.oval:def:2880
oval:org.secpod.oval:def:103113
oval:org.secpod.oval:def:21272
oval:org.secpod.oval:def:103153
...

© SecPod Technologies