Lucene search

PRIOn knowledge basePRION:CVE-2010-4180

HistoryDec 06, 2010 - 9:05 p.m.

Session fixation

2010-12-0621:05:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

89.3%

JSON

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

CPENameOperatorVersion
ubuntu_linuxeq10.10
ubuntu_linuxeq9.04
ubuntu_linuxeq8.04
ubuntu_linuxeq10.04
ubuntu_linuxeq6.06
debian_linuxeq5.0
nginxlt0.9.2
fedoraeq13
fedoraeq14
opensslge1.0.0

Name	Operator	Version
ubuntu_linux	eq	10.10
ubuntu_linux	eq	9.04
ubuntu_linux	eq	8.04
ubuntu_linux	eq	10.04
ubuntu_linux	eq	6.06
debian_linux	eq	5.0
nginx	lt	0.9.2
fedora	eq	13
fedora	eq	14
openssl	ge	1.0.0

Rows per page:

1-10 of 231

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

osvdb.org/69565

secunia.com/advisories/42469

secunia.com/advisories/42473

secunia.com/advisories/42493

secunia.com/advisories/42571

secunia.com/advisories/42620

secunia.com/advisories/42811

secunia.com/advisories/42877

secunia.com/advisories/43169

secunia.com/advisories/43170

secunia.com/advisories/43171

secunia.com/advisories/43172

secunia.com/advisories/43173

secunia.com/advisories/44269

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471

support.apple.com/kb/HT4723

ubuntu.com/usn/usn-1029-1

www.debian.org/security/2011/dsa-2141

www.kb.cert.org/vuls/id/737740

www.mandriva.com/security/advisories?name=MDVSA-2010:248

www.redhat.com/support/errata/RHSA-2010-0977.html

www.redhat.com/support/errata/RHSA-2010-0978.html

www.redhat.com/support/errata/RHSA-2010-0979.html

www.redhat.com/support/errata/RHSA-2011-0896.html

www.securityfocus.com/archive/1/522176

www.securityfocus.com/bid/45164

www.securitytracker.com/id?1024822

www.vupen.com/english/advisories/2010/3120

www.vupen.com/english/advisories/2010/3122

www.vupen.com/english/advisories/2010/3134

www.vupen.com/english/advisories/2010/3188

www.vupen.com/english/advisories/2011/0032

www.vupen.com/english/advisories/2011/0076

www.vupen.com/english/advisories/2011/0268

bugzilla.redhat.com/show_bug.cgi?id=659462

cvs.openssl.org/chngview?cn=20131

kb.bluecoat.com/index?page=content&id=SA53&actp=LIST

lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html

marc.info/?l=bugtraq&m=129916880600544&w=2

marc.info/?l=bugtraq&m=130497251507577&w=2

marc.info/?l=bugtraq&m=132077688910227&w=2

openssl.org/news/secadv_20101202.txt

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

89.3%

JSON

Related for PRION:CVE-2010-4180