
CVE-2010-4180
Date: (C)2010-12-06   (M)2024-03-26


OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1024822
SECUNIA-42469
SECUNIA-42473
SECUNIA-42493
SECUNIA-42571
SECUNIA-42620
SECUNIA-42811
SECUNIA-42877
SECUNIA-43169
SECUNIA-43170
SECUNIA-43171
SECUNIA-43172
SECUNIA-43173
SECUNIA-44269
BID-45164
OSVDB-69565
ADV-2010-3120
ADV-2010-3122
ADV-2010-3134
ADV-2010-3188
ADV-2011-0032
ADV-2011-0076
ADV-2011-0268
APPLE-SA-2011-06-23-1
DSA-2141
FEDORA-2010-18736
FEDORA-2010-18765
HPSBHF02706
HPSBMA02658
HPSBUX02638
MDVSA-2010:248
RHSA-2010:0977
RHSA-2010:0978
RHSA-2010:0979
RHSA-2011:0896
SSA:2010-340-01
SSRT100475
SSRT100817
SUSE-SR:2011:001
SUSE-SR:2011:009
SUSE-SU-2011:0847
USN-1029-1
VU#737740
http://cvs.openssl.org/chngview?cn=20131
http://openssl.org/news/secadv_20101202.txt
http://support.apple.com/kb/HT4723
https://bugzilla.redhat.com/show_bug.cgi?id=659462
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
openSUSE-SU-2011:0845
oval:org.mitre.oval:def:18910

CPE    12
cpe:/o:opensuse:opensuse:11.1
cpe:/o:opensuse:opensuse:11.3
cpe:/o:opensuse:opensuse:11.2
cpe:/o:opensuse:opensuse:11.4
...
OVAL    22
oval:org.secpod.oval:def:700140
oval:org.secpod.oval:def:201859
oval:org.secpod.oval:def:201813
oval:org.secpod.oval:def:849
...

© SecPod Technologies