Back to search
CVE-2008-7270
Published: Dec 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://cvs.openssl.org/chngview?cn=17489
x_refsource_CONFIRM
42493
third-party-advisory
x_refsource_SECUNIA
SSRT100817
vendor-advisory
x_refsource_HP
USN-1029-1
vendor-advisory
x_refsource_UBUNTU
HPSBHF02706
vendor-advisory
x_refsource_HP
https://bugzilla.redhat.com/show_bug.cgi?id=659462
x_refsource_CONFIRM
HPSBMU02759
vendor-advisory
x_refsource_HP
45254
vdb-entry
x_refsource_BID
RHSA-2010:0977
vendor-advisory
x_refsource_REDHAT
RHSA-2010:0978
vendor-advisory
x_refsource_REDHAT
RHSA-2011:0896
vendor-advisory
x_refsource_REDHAT
SSRT100613
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now