[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

Ciphersuite downgrade vulnerability in OpenSSL version before 0.9.8q and 1.0.x before 1.0.0c

ID: oval:org.secpod.oval:def:849Date: (C)2011-05-06   (M)2018-06-11
Class: VULNERABILITYFamily: windows




The host is installed with OpenSSL and is prone to ciphersuite downgrade vulnerability. A flaw is present in the application, which fails prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. Successful exploitation allow remote attackers to force the downgrade to an unintended cipher.

Platform:
Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Product:
OpenSSL
Reference:
CVE-2010-4180
CVE    1
CVE-2010-4180
CPE    82
cpe:/a:openssl:openssl:1.0.0:beta2
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta4
cpe:/a:openssl:openssl:1.0.0:beta3
...

© SecPod Technologies