OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
04 Aug 2022, 19:59
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | (SECUNIA) http://secunia.com/advisories/43170 - Not Applicable | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html - Mailing List, Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=130497251507577&w=2 - Issue Tracking, Third Party Advisory | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/737740 - Third Party Advisory, US Government Resource | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/3188 - Permissions Required | |
References | (SECUNIA) http://secunia.com/advisories/42571 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/43171 - Not Applicable | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/3120 - Permissions Required | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html - Mailing List, Third Party Advisory | |
References | (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=129916880600544&w=2 - Issue Tracking, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/44269 - Not Applicable | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html - Mailing List, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1024822 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/43169 - Not Applicable | |
References | (CONFIRM) http://openssl.org/news/secadv_20101202.txt - Patch, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/3134 - Permissions Required | |
References | (HP) http://www.securityfocus.com/archive/1/522176 - Third Party Advisory, VDB Entry | |
References | (HP) http://marc.info/?l=bugtraq&m=132077688910227&w=2 - Issue Tracking, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0978.html - Third Party Advisory | |
References | (UBUNTU) http://ubuntu.com/usn/usn-1029-1 - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 - Permissions Required | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0977.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/43173 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/42877 - Not Applicable | |
References | (CONFIRM) http://cvs.openssl.org/chngview?cn=20131 - Broken Link, Patch | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html - Broken Link, Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=659462 - Issue Tracking, Patch, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42620 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/42493 - Not Applicable | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910 - Third Party Advisory | |
References | (CONFIRM) https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2141 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/43172 - Not Applicable | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html - Mailing List, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/3122 - Permissions Required | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0979.html - Third Party Advisory | |
References | (HP) http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0032 - Permissions Required | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0076 - Permissions Required | |
References | (CONFIRM) http://support.apple.com/kb/HT4723 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42811 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/42469 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/42473 - Not Applicable | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0268 - Permissions Required | |
References | (BID) http://www.securityfocus.com/bid/45164 - Third Party Advisory, VDB Entry | |
References | (OSVDB) http://osvdb.org/69565 - Broken Link | |
CPE | cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* |
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:* cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:* cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* |
First Time |
Opensuse opensuse
Fedoraproject fedora Suse linux Enterprise Server F5 nginx Suse linux Enterprise Canonical Debian debian Linux Suse linux Enterprise Desktop Fedoraproject F5 Debian Canonical ubuntu Linux Opensuse Suse |
Information
Published : 2010-12-06 21:05
Updated : 2023-12-10 11:03
NVD link : CVE-2010-4180
Mitre link : CVE-2010-4180
CVE.ORG link : CVE-2010-4180
JSON object : View
Products Affected
suse
- linux_enterprise_desktop
- linux_enterprise
- linux_enterprise_server
canonical
- ubuntu_linux
openssl
- openssl
debian
- debian_linux
fedoraproject
- fedora
f5
- nginx
opensuse
- opensuse
CWE