8.7 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.2%
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
CPE | Name | Operator | Version |
---|---|---|---|
openssl | eq | 0.9.7 beta5 | |
openssl | eq | 0.9.7 beta3 | |
openssl | eq | 0.9.5a beta2 | |
openssl | eq | 0.9.7 beta6 | |
openssl | eq | 0.9.898 | |
openssl | eq | 0.9.7108 | |
openssl | eq | 0.9.6105 | |
openssl | eq | 0.9.3 | |
openssl | eq | 0.9.899 | |
openssl | eq | 0.9.7 beta2 |
secunia.com/advisories/42493
ubuntu.com/usn/usn-1029-1
www.redhat.com/support/errata/RHSA-2010-0977.html
www.redhat.com/support/errata/RHSA-2010-0978.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.securityfocus.com/archive/1/522176
www.securityfocus.com/bid/45254
bugzilla.redhat.com/show_bug.cgi?id=659462
cvs.openssl.org/chngview?cn=17489
marc.info/?l=bugtraq&m=132077688910227&w=2