Lucene search

K

RedhatCVELIST:CVE-2010-4180

HistoryDec 06, 2010 - 9:00 p.m.

CVE-2010-4180

2010-12-0621:00:00

redhat

www.cve.org

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

References

cvs.openssl.org/chngview?cn=20131

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

marc.info/?l=bugtraq&m=129916880600544&w=2

marc.info/?l=bugtraq&m=130497251507577&w=2

marc.info/?l=bugtraq&m=132077688910227&w=2

openssl.org/news/secadv_20101202.txt

osvdb.org/69565

secunia.com/advisories/42469

secunia.com/advisories/42473

secunia.com/advisories/42493

secunia.com/advisories/42571

secunia.com/advisories/42620

secunia.com/advisories/42811

secunia.com/advisories/42877

secunia.com/advisories/43169

secunia.com/advisories/43170

secunia.com/advisories/43171

secunia.com/advisories/43172

secunia.com/advisories/43173

secunia.com/advisories/44269

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471

support.apple.com/kb/HT4723

ubuntu.com/usn/usn-1029-1

www.debian.org/security/2011/dsa-2141

www.kb.cert.org/vuls/id/737740

www.mandriva.com/security/advisories?name=MDVSA-2010:248

www.redhat.com/support/errata/RHSA-2010-0977.html

www.redhat.com/support/errata/RHSA-2010-0978.html

www.redhat.com/support/errata/RHSA-2010-0979.html

www.redhat.com/support/errata/RHSA-2011-0896.html

www.securityfocus.com/archive/1/522176

www.securityfocus.com/bid/45164

www.securitytracker.com/id?1024822

www.vupen.com/english/advisories/2010/3120

www.vupen.com/english/advisories/2010/3122

www.vupen.com/english/advisories/2010/3134

www.vupen.com/english/advisories/2010/3188

www.vupen.com/english/advisories/2011/0032

www.vupen.com/english/advisories/2011/0076

www.vupen.com/english/advisories/2011/0268

bugzilla.redhat.com/show_bug.cgi?id=659462

kb.bluecoat.com/index?page=content&id=SA53&actp=LIST

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

Related for CVELIST:CVE-2010-4180

nessus52 openssl1 veracode1 debiancve2 f54 altlinux5 cve2 prion2 nvd2 redhat3 openvas42 ubuntucve2 oraclelinux4 slackware1 ubuntu1 securityvulns7 fedora5 debian2 osv2 centos2 cvelist1 suse2 cert1 gentoo1 ibm1 vmware4 lenovo2