Back to search
CVE-2010-4180
Published: Dec 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SR:2011:001
vendor-advisory
x_refsource_SUSE
1024822
vdb-entry
x_refsource_SECTRACK
42473
third-party-advisory
x_refsource_SECUNIA
42571
third-party-advisory
x_refsource_SECUNIA
43170
third-party-advisory
x_refsource_SECUNIA
SSA:2010-340-01
vendor-advisory
x_refsource_SLACKWARE
ADV-2011-0268
vdb-entry
x_refsource_VUPEN
SUSE-SR:2011:009
vendor-advisory
x_refsource_SUSE
http://support.apple.com/kb/HT4723
x_refsource_CONFIRM
SUSE-SU-2011:0847
vendor-advisory
x_refsource_SUSE
42493
third-party-advisory
x_refsource_SECUNIA
43173
third-party-advisory
x_refsource_SECUNIA
FEDORA-2010-18765
vendor-advisory
x_refsource_FEDORA
ADV-2011-0032
vdb-entry
x_refsource_VUPEN
openSUSE-SU-2011:0845
vendor-advisory
x_refsource_SUSE
43171
third-party-advisory
x_refsource_SECUNIA
42620
third-party-advisory
x_refsource_SECUNIA
SSRT100817
vendor-advisory
x_refsource_HP
APPLE-SA-2011-06-23-1
vendor-advisory
x_refsource_APPLE
USN-1029-1
vendor-advisory
x_refsource_UBUNTU
ADV-2010-3120
vdb-entry
x_refsource_VUPEN
FEDORA-2010-18736
vendor-advisory
x_refsource_FEDORA
ADV-2010-3122
vdb-entry
x_refsource_VUPEN
43169
third-party-advisory
x_refsource_SECUNIA
43172
third-party-advisory
x_refsource_SECUNIA
HPSBHF02706
vendor-advisory
x_refsource_HP
45164
vdb-entry
x_refsource_BID
69565
vdb-entry
x_refsource_OSVDB
https://bugzilla.redhat.com/show_bug.cgi?id=659462
x_refsource_CONFIRM
VU#737740
third-party-advisory
x_refsource_CERT-VN
42469
third-party-advisory
x_refsource_SECUNIA
HPSBMU02759
vendor-advisory
x_refsource_HP
SSRT100475
vendor-advisory
x_refsource_HP
42877
third-party-advisory
x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=20131
x_refsource_CONFIRM
RHSA-2010:0977
vendor-advisory
x_refsource_REDHAT
HPSBMA02658
vendor-advisory
x_refsource_HP
SSRT100413
vendor-advisory
x_refsource_HP
ADV-2010-3134
vdb-entry
x_refsource_VUPEN
ADV-2010-3188
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:18910
vdb-entry
signature
x_refsource_OVAL
HPSBUX02638
vendor-advisory
x_refsource_HP
ADV-2011-0076
vdb-entry
x_refsource_VUPEN
http://openssl.org/news/secadv_20101202.txt
x_refsource_CONFIRM
RHSA-2010:0978
vendor-advisory
x_refsource_REDHAT
44269
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0896
vendor-advisory
x_refsource_REDHAT
DSA-2141
vendor-advisory
x_refsource_DEBIAN
HPSBOV02670
vendor-advisory
x_refsource_HP
SSRT100613
vendor-advisory
x_refsource_HP
SSRT100339
vendor-advisory
x_refsource_HP
MDVSA-2010:248
vendor-advisory
x_refsource_MANDRIVA
RHSA-2010:0979
vendor-advisory
x_refsource_REDHAT
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
x_refsource_CONFIRM
42811
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now