A flaw in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. This issue only affects OpenSSL based SSL/TLS server if it uses OpenSSL's internal caching mechanisms and the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this by using the SSL_OP_ALL option).

veracode 1

nessus 47

debiancve 2

altlinux 5

f5 4

prion 2

cve 2

openvas 42

ubuntucve 2

redhat 3

oraclelinux 4

securityvulns 7

slackware 1

ubuntu 1

centos 2

osv 2

fedora 5

debian 2

suse 2

cert 1

ibm 1

gentoo 1

vmware 4

lenovo 2

veracode

Insecure TLS Configuration

2020-04-10 00:56:26

nessus

RHEL 6 : openssl (RHSA-2010:0979)

2010-12-14 00:00:00

Mandriva Linux Security Advisory : openssl (MDVSA-2010:248)

2010-12-08 00:00:00

Fedora 14 : openssl-1.0.0c-1.fc14 (2010-18765)

2010-12-12 00:00:00

debiancve

CVE-2010-4180

2010-12-06 21:05:00

CVE-2008-7270

2010-12-06 22:30:00

altlinux

Security fix for the ALT Linux 9 package openssl10 version 1.0.0c-alt1

2011-02-01 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1

2011-02-01 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.0c-alt1

2011-02-01 00:00:00

SOL12543 - OpenSSL vulnerability CVE-2010-4180

2011-01-26 00:00:00

K12543 : OpenSSL vulnerability CVE-2010-4180

2013-07-05 00:00:00

K12853 : OpenSSL vulnerability CVE-2008-7270

2013-09-04 00:00:00

prion

Session fixation

2010-12-06 21:05:00

Session fixation

2010-12-06 22:30:00

cve

CVE-2010-4180

2010-12-06 21:05:00

CVE-2008-7270

2010-12-06 22:30:00

openvas

Mandriva Update for openssl MDVSA-2010:248 (openssl)

2010-12-23 00:00:00

Mandriva Update for openssl MDVSA-2010:248 (openssl)

2010-12-23 00:00:00

OpenSSL: Ciphersuite Downgrade Attack (20101202) - Windows

2021-08-16 00:00:00

ubuntucve

CVE-2010-4180

2010-12-06 00:00:00

CVE-2008-7270

2010-12-06 00:00:00

redhat

(RHSA-2010:0979) Moderate: openssl security update

2010-12-13 00:00:00

(RHSA-2010:0978) Moderate: openssl security update

2010-12-13 00:00:00

(RHSA-2010:0977) Moderate: openssl security update

2010-12-13 00:00:00

oraclelinux

openssl security update

2011-02-10 00:00:00

openssl security update

2010-12-13 00:00:00

openssl security update

2010-12-13 00:00:00

securityvulns

[USN-1029-1] OpenSSL vulnerabilities

2010-12-09 00:00:00

OpenSSL protection level downgrade

2010-12-09 00:00:00

[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)

2011-04-26 00:00:00

slackware

[slackware-security] openssl

2010-12-07 07:14:58

ubuntu

OpenSSL vulnerabilities

2010-12-08 00:00:00

centos

openssl security update

2010-12-14 01:19:08

openssl security update

2011-01-27 09:11:13

osv

openssl - protocol design flaw

2011-01-06 00:00:00

nss - protocol design flaw

2011-01-06 00:00:00

fedora

[SECURITY] Fedora 14 Update: openssl-1.0.0c-1.fc14

2010-12-10 20:26:33

[SECURITY] Fedora 14 Update: openssl-1.0.0d-1.fc14

2011-02-14 20:28:21

[SECURITY] Fedora 13 Update: openssl-1.0.0c-1.fc13

2010-12-17 08:35:37

debian

[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw

2011-01-05 23:18:09

[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw

2011-01-05 23:18:09

suse

compat-openssl097g (important)

2011-07-27 16:08:25

Security update for compat-openssl097g (important)

2011-07-27 17:08:16

cert

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

2013-03-18 00:00:00

ibm

Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL

2022-09-25 20:45:36

gentoo

OpenSSL: Multiple vulnerabilities

2011-10-09 00:00:00

vmware

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

2011-10-27 00:00:00

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for OPENSSL:CVE-2010-4180