Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-7270
HistoryDec 06, 2010 - 10:30 p.m.

CVE-2008-7270

2010-12-0622:30:31
CWE-310
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

JSON

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Affected configurations

NVD
Node
opensslopensslRangeโ‰ค0.9.8i
OR
opensslopensslMatch0.9.1c
OR
opensslopensslMatch0.9.2b
OR
opensslopensslMatch0.9.3
OR
opensslopensslMatch0.9.3a
OR
opensslopensslMatch0.9.4
OR
opensslopensslMatch0.9.5
OR
opensslopensslMatch0.9.5beta1
OR
opensslopensslMatch0.9.5beta2
OR
opensslopensslMatch0.9.5a
OR
opensslopensslMatch0.9.5abeta1
OR
opensslopensslMatch0.9.5abeta2
OR
opensslopensslMatch0.9.6
OR
opensslopensslMatch0.9.6beta1
OR
opensslopensslMatch0.9.6beta2
OR
opensslopensslMatch0.9.6beta3
OR
opensslopensslMatch0.9.6a
OR
opensslopensslMatch0.9.6abeta1
OR
opensslopensslMatch0.9.6abeta2
OR
opensslopensslMatch0.9.6abeta3
OR
opensslopensslMatch0.9.6b
OR
opensslopensslMatch0.9.6c
OR
opensslopensslMatch0.9.6d
OR
opensslopensslMatch0.9.6e
OR
opensslopensslMatch0.9.6f
OR
opensslopensslMatch0.9.6g
OR
opensslopensslMatch0.9.6h
OR
opensslopensslMatch0.9.6i
OR
opensslopensslMatch0.9.6j
OR
opensslopensslMatch0.9.6k
OR
opensslopensslMatch0.9.6l
OR
opensslopensslMatch0.9.6m
OR
opensslopensslMatch0.9.7
OR
opensslopensslMatch0.9.7beta1
OR
opensslopensslMatch0.9.7beta2
OR
opensslopensslMatch0.9.7beta3
OR
opensslopensslMatch0.9.7beta4
OR
opensslopensslMatch0.9.7beta5
OR
opensslopensslMatch0.9.7beta6
OR
opensslopensslMatch0.9.7a
OR
opensslopensslMatch0.9.7b
OR
opensslopensslMatch0.9.7c
OR
opensslopensslMatch0.9.7d
OR
opensslopensslMatch0.9.7e
OR
opensslopensslMatch0.9.7f
OR
opensslopensslMatch0.9.7g
OR
opensslopensslMatch0.9.7h
OR
opensslopensslMatch0.9.7i
OR
opensslopensslMatch0.9.7j
OR
opensslopensslMatch0.9.7k
OR
opensslopensslMatch0.9.7l
OR
opensslopensslMatch0.9.7m
OR
opensslopensslMatch0.9.8
OR
opensslopensslMatch0.9.8a
OR
opensslopensslMatch0.9.8b
OR
opensslopensslMatch0.9.8c
OR
opensslopensslMatch0.9.8d
OR
opensslopensslMatch0.9.8e
OR
opensslopensslMatch0.9.8f
OR
opensslopensslMatch0.9.8g
OR
opensslopensslMatch0.9.8h

Related

nessus 54
openvas 44
f5 4
centos 2
prion 2
cvelist 2
debiancve 2
oraclelinux 4
redhat 3
cve 2
ubuntucve 2
securityvulns 8
ubuntu 1
veracode 2
openssl 1
altlinux 5
nvd 1
slackware 1
fedora 5
debian 2
osv 2
suse 2
cert 1
gentoo 1
ibm 1
lenovo 2
vmware 4
nessus
nessus
CentOS 5 : openssl (CESA-2010:0978)
2010-12-14 00:00:00
RHEL 5 : openssl (RHSA-2010:0978)
2010-12-14 00:00:00
Oracle Linux 5 : openssl (ELSA-2010-0978)
2013-07-12 00:00:00
openvas
openvas
CentOS Update for openssl CESA-2010:0978 centos5 i386
2011-08-09 00:00:00
RedHat Update for openssl RHSA-2010:0978-01
2010-12-28 00:00:00
Ubuntu: Security Advisory (USN-1029-1)
2010-12-23 00:00:00
f5
f5
K12853 : OpenSSL vulnerability CVE-2008-7270
2013-09-04 00:00:00
SOL12853 - OpenSSL vulnerability CVE-2008-7270
2011-05-24 00:00:00
SOL12543 - OpenSSL vulnerability CVE-2010-4180
2011-01-26 00:00:00
centos
centos
openssl security update
2010-12-14 01:19:08
openssl security update
2011-01-27 09:11:13
prion
prion
Session fixation
2010-12-06 22:30:00
Session fixation
2010-12-06 21:05:00
cvelist
cvelist
CVE-2008-7270
2010-12-06 22:00:00
CVE-2010-4180
2010-12-06 21:00:00
debiancve
debiancve
CVE-2008-7270
2010-12-06 22:30:31
CVE-2010-4180
2010-12-06 21:05:48
oraclelinux
oraclelinux
openssl security update
2010-12-13 00:00:00
openssl security update
2010-12-13 00:00:00
openssl security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2010:0978) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0977) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0979) Moderate: openssl security update
2010-12-13 00:00:00
cve
cve
CVE-2008-7270
2010-12-06 22:30:31
CVE-2010-4180
2010-12-06 21:05:48
ubuntucve
ubuntucve
CVE-2008-7270
2010-12-06 00:00:00
CVE-2010-4180
2010-12-06 00:00:00
securityvulns
securityvulns
[USN-1029-1] OpenSSL vulnerabilities
2010-12-09 00:00:00
OpenSSL protection level downgrade
2010-12-09 00:00:00
[security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure
2013-07-16 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2010-12-08 00:00:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:56:25
Insecure TLS Configuration
2020-04-10 00:56:26
openssl
openssl
Vulnerability in OpenSSL CVE-2010-4180
2010-12-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
nvd
nvd
CVE-2010-4180
2010-12-06 21:05:48
slackware
slackware
[slackware-security] openssl
2010-12-07 07:14:58
fedora
fedora
[SECURITY] Fedora 14 Update: openssl-1.0.0c-1.fc14
2010-12-10 20:26:33
[SECURITY] Fedora 14 Update: openssl-1.0.0d-1.fc14
2011-02-14 20:28:21
[SECURITY] Fedora 13 Update: openssl-1.0.0c-1.fc13
2010-12-17 08:35:37
debian
debian
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
osv
osv
openssl - protocol design flaw
2011-01-06 00:00:00
nss - protocol design flaw
2011-01-06 00:00:00
suse
suse
compat-openssl097g (important)
2011-07-27 16:08:25
Security update for compat-openssl097g (important)
2011-07-27 17:08:16
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
ibm
ibm
Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL
2022-09-25 20:45:36
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

JSON
Related for NVD:CVE-2008-7270
nessus54openvas44f54centos2prion2cvelist2debiancve2oraclelinux4redhat3cve2ubuntucve2securityvulns8ubuntu1veracode2openssl1altlinux5nvd1slackware1fedora5debian2osv2suse2cert1gentoo1ibm1lenovo2vmware4