CVE-2010-4180

Date: (C)2010-12-06   (M)2017-09-22
 
CVSS Score: 4.3
Exploitability Subscore: 8.6
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Reference:
SECTRACK-1024822
SECUNIA-42469
SECUNIA-42473
SECUNIA-42493
SECUNIA-42571
SECUNIA-42620
SECUNIA-42811
SECUNIA-42877
SECUNIA-43169
SECUNIA-43170
SECUNIA-43171
SECUNIA-43172
SECUNIA-43173
SECUNIA-44269
BID-45164
OSVDB-69565
ADV-2010-3120
ADV-2010-3122
ADV-2010-3134
ADV-2010-3188
ADV-2011-0032
ADV-2011-0076
ADV-2011-0268
APPLE-SA-2011-06-23-1
DSA-2141
FEDORA-2010-18736
FEDORA-2010-18765
HPSBHF02706
HPSBMA02658
HPSBMU02759
IAVM:2011-A-0149
IAVM:2011-A-0160
IAVM:2012-A-0148
IAVM:2012-A-0153
IAVM:2012-B-0038
MDVSA-2010:248
RHSA-2010:0977
RHSA-2010:0978
RHSA-2010:0979
RHSA-2011:0896
SSA:2010-340-01
SSRT100339
SSRT100413
SSRT100475
SSRT100613
SSRT100817
SUSE-SR:2011:001
SUSE-SR:2011:009
SUSE-SU-2011:0847
USN-1029-1
VU#737740
http://cvs.openssl.org/chngview?cn=20131
http://openssl.org/news/secadv_20101202.txt
http://support.apple.com/kb/HT4723
https://bugzilla.redhat.com/show_bug.cgi?id=659462
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
openSUSE-SU-2011:0845

CPE    76
cpe:/a:openssl:openssl:1.0.0b
cpe:/a:openssl:openssl:1.0.0a
cpe:/a:openssl:openssl:1.0.0:beta2
cpe:/a:openssl:openssl:1.0.0:beta1
...
OVAL    21
oval:org.secpod.oval:def:103253
oval:org.secpod.oval:def:101303
oval:org.secpod.oval:def:301183
oval:org.secpod.oval:def:849
...

© 2013 SecPod Technologies