56 matches found
Linux Distros Unpatched Vulnerability : CVE-2010-4180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in...
OpenSSL 0.9.8 < 0.9.8q Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8q. It is, therefore, affected by a vulnerability as referenced in the 0.9.8q advisory. - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification o...
Debian: Security Advisory (DSA-2141-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K12543: OpenSSL vulnerability CVE-2010-4180
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
Solaris 10 (sparc) : 146857-01
SunOS 5.10: ssl patch for wanboot. Date this patch was last updated by Sun : Mar/23/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Oracle: Security Advisory (ELSA-2010-0979)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2010-0978)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0014-1)
Malicious clients could downgrade a connection to a low strength cipher suite on session resumption if the server offers such ciphers CVE-2010-4180. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)
Fix IMAP, POP3 and SMTP URL sanitization bnc740452, CVE-2012-0036 - Disable SSLOPNETSCAPEREUSECIPHERCHANGEBUG option when built against an older OpenSSL version CVE-2010-4180. - Don't enable SSLOPDONTINSERTEMPTYFRAGMENTS bnc742306, CVE-2011-3389. %NASLMINLEVEL 70300 C Tenable Network Security,...
openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)
The following vulnerabilities have been fixed in curl : - IMAP, POP3 and SMTP URL sanitization vulnerability CVE-2012-0036 - disable SSLOPDONTINSERTEMPTYFRAGMENTS CVE-2011-3389 - disable SSLOPNETSCAPEREUSECIPHERCHANGEBUG option for older openssl versions CVE-2010-4180 %NASLMINLEVEL 70300 C Tenabl...
openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1)
This update adds openssl patches since 2007 for : - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1)
This update adds openssl patches since 2007 for : - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Oracle Linux 6 : openssl (ELSA-2010-0979)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0979 advisory. - disable code for SSLOPNETSCAPEREUSECIPHERCHANGEBUG - CVE-2010-3864 649304 Tenable has extracted the preceding description block directly from the...
Oracle Linux 5 : openssl (ELSA-2010-0978)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0978 advisory. 0.9.8e-12.7 - fix CVE-2010-4180 - completely disable code for SSLOPNETSCAPEREUSECIPHERCHANGEBUG 659462 Tenable has extracted the preceding description...
SuSE 10 Security Update : libcurl4 (ZYPP Patch Number 8618) (BEAST)
This update of curl fixes several security issues : - libcurl URL decode buffer boundary flaw. bnc824517 / CVE-2013-2174 - cookie domain tailmatch. bnc814655 / CVE-2013-1944 - curl sets SSLOPALL. bnc742306 / CVE-2011-3389 - When SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly...
Scientific Linux Security Update : openssl on SL6.x i386/x86_64
A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSLOPNETSCAPEREUSECIPHERCHANGEBUG option, possibly forcing the clien...
Scientific Linux Security Update : openssl on SL4.x, SL5.x i386/x86_64
A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSLOPNETSCAPEREUSECIPHERCHANGEBUG option, possibly forcing the clien...
SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7645)
This update adds openssl patches since 2007 for : - CVE-2009-0590 - CVE-2008-5077 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc';...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7462)
Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers CVE-2010-4180. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el55.7 resolving two security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b...