RHEL 3 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: SGC restart DoS attack CVE-2011-4619 - openssl: CMS and PKCS7 Bleichenbacher attack CVE-2012-088...

CVE-2008-7270

OpenSSL before 0.9.8j, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

CVE-2008-7270

OpenSSL before 0.9.8j, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

Session fixation

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...