Lucene search

K
f5F5SOL12543
HistoryJan 26, 2011 - 12:00 a.m.

SOL12543 - OpenSSL vulnerability CVE-2010-4180

2011-01-2600:00:00
support.f5.com
191

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

88.4%

Vulnerability description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Information about this advisory is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180&gt;

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

88.4%