CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
OpenSSL uses an insecure TLS configuration. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. If the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, a remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, possibly forcing the client to use a weaker ciphersuite after resuming the session.
cvs.openssl.org/chngview?cn=17489
marc.info/?l=bugtraq&m=132077688910227&w=2
secunia.com/advisories/42493
ubuntu.com/usn/usn-1029-1
www.redhat.com/support/errata/RHSA-2010-0977.html
www.redhat.com/support/errata/RHSA-2010-0978.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.securityfocus.com/archive/1/522176
www.securityfocus.com/bid/45254
access.redhat.com/errata/RHSA-2010:0978
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=659462