4.3

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version < 0.9.8q
OpenSSLOpenSSL Version >= 1.0.0 < 1.0.0c
FedoraprojectFedora Version13
FedoraprojectFedora Version14
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
OpensuseOpensuse Version11.3
OpensuseOpensuse Version11.4
SuseLinux Enterprise Version11.0 Updatesp1
SuseLinux Enterprise Desktop Version10 Updatesp3
SuseLinux Enterprise Desktop Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Desktop Version11 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp3 SwEdition-
SuseLinux Enterprise Server Version10 Updatesp4 SwEdition-
F5Nginx Version < 0.9.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.5% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Vendor Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2
Third Party Advisory
Issue Tracking
http://secunia.com/advisories/42811
Not Applicable
http://www.debian.org/security/2011/dsa-2141
Third Party Advisory
http://www.securityfocus.com/archive/1/522176
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/0032
Permissions Required
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Third Party Advisory
Broken Link
Mailing List
http://support.apple.com/kb/HT4723
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0977.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/42877
Not Applicable
http://www.vupen.com/english/advisories/2011/0076
Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Third Party Advisory
Mailing List
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
Broken Link
http://marc.info/?l=bugtraq&m=129916880600544&w=2
Third Party Advisory
Issue Tracking
http://marc.info/?l=bugtraq&m=130497251507577&w=2
Third Party Advisory
Issue Tracking
http://secunia.com/advisories/44269
Not Applicable
http://www.kb.cert.org/vuls/id/737740
Third Party Advisory
US Government Resource
http://cvs.openssl.org/chngview?cn=20131
Patch
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
Third Party Advisory
Mailing List
http://openssl.org/news/secadv_20101202.txt
Patch
Third Party Advisory
http://osvdb.org/69565
Broken Link
http://secunia.com/advisories/42469
Not Applicable
http://secunia.com/advisories/42473
Not Applicable
http://secunia.com/advisories/42493
Not Applicable
http://secunia.com/advisories/42571
Not Applicable
http://secunia.com/advisories/42620
Not Applicable
http://secunia.com/advisories/43169
Not Applicable
http://secunia.com/advisories/43170
Not Applicable
http://secunia.com/advisories/43171
Not Applicable
http://secunia.com/advisories/43172
Not Applicable
http://secunia.com/advisories/43173
Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
Third Party Advisory
http://ubuntu.com/usn/usn-1029-1
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
Permissions Required
http://www.redhat.com/support/errata/RHSA-2010-0978.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0979.html
Third Party Advisory
http://www.securityfocus.com/bid/45164
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1024822
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2010/3120
Permissions Required
http://www.vupen.com/english/advisories/2010/3122
Permissions Required
http://www.vupen.com/english/advisories/2010/3134
Permissions Required
http://www.vupen.com/english/advisories/2010/3188
Permissions Required
http://www.vupen.com/english/advisories/2011/0268
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=659462
Patch
Third Party Advisory
Issue Tracking
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
Third Party Advisory