AI Score: 8.8 High (Confidence: High)
CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.023 Low (Percentile: 89.5%)
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
cvs.openssl.org/chngview?cn=20131
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
marc.info/?l=bugtraq&m=129916880600544&w=2
marc.info/?l=bugtraq&m=130497251507577&w=2
marc.info/?l=bugtraq&m=132077688910227&w=2
openssl.org/news/secadv_20101202.txt
osvdb.org/69565
secunia.com/advisories/42469
secunia.com/advisories/42473
secunia.com/advisories/42493
secunia.com/advisories/42571
secunia.com/advisories/42620
secunia.com/advisories/42811
secunia.com/advisories/42877
secunia.com/advisories/43169
secunia.com/advisories/43170
secunia.com/advisories/43171
secunia.com/advisories/43172
secunia.com/advisories/43173
secunia.com/advisories/44269
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
support.apple.com/kb/HT4723
ubuntu.com/usn/usn-1029-1
www.debian.org/security/2011/dsa-2141
www.kb.cert.org/vuls/id/737740
www.mandriva.com/security/advisories?name=MDVSA-2010:248
www.redhat.com/support/errata/RHSA-2010-0977.html
www.redhat.com/support/errata/RHSA-2010-0978.html
www.redhat.com/support/errata/RHSA-2010-0979.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.securityfocus.com/archive/1/522176
www.securityfocus.com/bid/45164
www.securitytracker.com/id?1024822
www.vupen.com/english/advisories/2010/3120
www.vupen.com/english/advisories/2010/3122
www.vupen.com/english/advisories/2010/3134
www.vupen.com/english/advisories/2010/3188
www.vupen.com/english/advisories/2011/0032
www.vupen.com/english/advisories/2011/0076
www.vupen.com/english/advisories/2011/0268
bugzilla.redhat.com/show_bug.cgi?id=659462
kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910