4.3
CVE-2010-4180
- EPSS 9.5%
- Veröffentlicht 06.12.2010 21:05:48
- Zuletzt bearbeitet 16.06.2026 23:24:18
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version13
Fedoraproject ≫ Fedora Version14
Debian ≫ Debian Linux Version5.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Suse ≫ Linux Enterprise Version11.0 Updatesp1
Suse ≫ Linux Enterprise Desktop Version10 Updatesp3
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEdition-
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.5% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://marc.info/?l=bugtraq&m=132077688910227&w=2
http://secunia.com/advisories/42811
http://www.debian.org/security/2011/dsa-2141
http://www.securityfocus.com/archive/1/522176
http://www.vupen.com/english/advisories/2011/0032
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://support.apple.com/kb/HT4723
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://marc.info/?l=bugtraq&m=129916880600544&w=2
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://secunia.com/advisories/44269
http://www.kb.cert.org/vuls/id/737740
http://cvs.openssl.org/chngview?cn=20131
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
http://openssl.org/news/secadv_20101202.txt
http://osvdb.org/69565
http://secunia.com/advisories/42469
http://secunia.com/advisories/42473
http://secunia.com/advisories/42493
http://secunia.com/advisories/42571
http://secunia.com/advisories/42620
http://secunia.com/advisories/43169
http://secunia.com/advisories/43170
http://secunia.com/advisories/43171
http://secunia.com/advisories/43172
http://secunia.com/advisories/43173
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
http://ubuntu.com/usn/usn-1029-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://www.securityfocus.com/bid/45164
http://www.securitytracker.com/id?1024822
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122
http://www.vupen.com/english/advisories/2010/3134
http://www.vupen.com/english/advisories/2010/3188
http://www.vupen.com/english/advisories/2011/0268
https://bugzilla.redhat.com/show_bug.cgi?id=659462
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910