9.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.023 Low
EPSS
Percentile
89.4%
It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. This could possibly allow an attacker to downgrade the
ciphersuite to a weaker one on subsequent connections. (CVE-2010-4180)
It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. An attacker could possibly take advantage of this to
force the use of a disabled cipher. This vulnerability only affects
the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and
Ubuntu 9.10. (CVE-2008-7270)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | libssl0.9.8 | <Ā 0.9.8g-16ubuntu3.5 | UNKNOWN |
Ubuntu | 9.10 | noarch | libcrypto0.9.8-udeb | <Ā 0.9.8g-16ubuntu3.5 | UNKNOWN |
Ubuntu | 9.10 | noarch | libssl-dev | <Ā 0.9.8g-16ubuntu3.5 | UNKNOWN |
Ubuntu | 9.10 | noarch | libssl0.9.8-dbg | <Ā 0.9.8g-16ubuntu3.5 | UNKNOWN |
Ubuntu | 9.10 | noarch | openssl | <Ā 0.9.8g-16ubuntu3.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8 | <Ā 0.9.8g-4ubuntu3.13 | UNKNOWN |
Ubuntu | 8.04 | noarch | libcrypto0.9.8-udeb | <Ā 0.9.8g-4ubuntu3.13 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl-dev | <Ā 0.9.8g-4ubuntu3.13 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8-dbg | <Ā 0.9.8g-4ubuntu3.13 | UNKNOWN |
Ubuntu | 8.04 | noarch | openssl | <Ā 0.9.8g-4ubuntu3.13 | UNKNOWN |