4.3

CVE-2010-4180

EPSS 3.85%
Veröffentlicht 06.12.2010 21:05:48
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 53

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version < 0.9.8q

OpenSSL ≫ OpenSSL Version >= 1.0.0 < 1.0.0c

Fedoraproject ≫ Fedora Version13

Fedoraproject ≫ Fedora Version14

Debian ≫ Debian Linux Version5.0

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version9.04

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version10.10

Opensuse ≫ Opensuse Version11.1

Opensuse ≫ Opensuse Version11.2

Opensuse ≫ Opensuse Version11.3

Opensuse ≫ Opensuse Version11.4

Suse ≫ Linux Enterprise Version11.0 Updatesp1

Suse ≫ Linux Enterprise Desktop Version10 Updatesp3

Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp1

Suse ≫ Linux Enterprise Server Version9

Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEdition-

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

F5 ≫ Nginx Version < 0.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.85%	0.878

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Third Party Advisory

Mailing List

http://www.redhat.com/support/errata/RHSA-2011-0896.html

Vendor Advisory

http://marc.info/?l=bugtraq&m=132077688910227&w=2

Third Party Advisory

Issue Tracking

http://secunia.com/advisories/42811

Not Applicable

http://www.debian.org/security/2011/dsa-2141

Third Party Advisory

http://www.securityfocus.com/archive/1/522176

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2011/0032

Permissions Required

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

Third Party Advisory

Broken Link

Mailing List

http://support.apple.com/kb/HT4723

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0977.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/42877

Not Applicable

http://www.vupen.com/english/advisories/2011/0076

Permissions Required

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Third Party Advisory

Mailing List

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

Broken Link

http://marc.info/?l=bugtraq&m=129916880600544&w=2

Third Party Advisory

Issue Tracking

http://marc.info/?l=bugtraq&m=130497251507577&w=2

Third Party Advisory

Issue Tracking

http://secunia.com/advisories/44269

Not Applicable

http://www.kb.cert.org/vuls/id/737740

Third Party Advisory

US Government Resource

http://cvs.openssl.org/chngview?cn=20131

Patch

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html

Third Party Advisory

Mailing List

http://openssl.org/news/secadv_20101202.txt

Patch

Third Party Advisory

http://osvdb.org/69565

Broken Link

http://secunia.com/advisories/42469

Not Applicable

http://secunia.com/advisories/42473

Not Applicable

http://secunia.com/advisories/42493

Not Applicable

http://secunia.com/advisories/42571

Not Applicable

http://secunia.com/advisories/42620

Not Applicable

http://secunia.com/advisories/43169

Not Applicable

http://secunia.com/advisories/43170

Not Applicable

http://secunia.com/advisories/43171

Not Applicable

http://secunia.com/advisories/43172

Not Applicable

http://secunia.com/advisories/43173

Not Applicable

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471

Third Party Advisory

http://ubuntu.com/usn/usn-1029-1

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:248

Permissions Required

http://www.redhat.com/support/errata/RHSA-2010-0978.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0979.html

Third Party Advisory

http://www.securityfocus.com/bid/45164

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1024822

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2010/3120

Permissions Required

http://www.vupen.com/english/advisories/2010/3122

Permissions Required

http://www.vupen.com/english/advisories/2010/3134

Permissions Required

http://www.vupen.com/english/advisories/2010/3188

Permissions Required

http://www.vupen.com/english/advisories/2011/0268

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=659462

Patch

Third Party Advisory

Issue Tracking

https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-4180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4180

EUVD