Mend Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2010-4180

Good to know:

icon

Date: December 6, 2010

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Language: C

Severity Score

Related Resources (53)

http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://www.vupen.com/english/advisories/2010/3122
https://bugzilla.redhat.com/show_bug.cgi?id=659462
http://www.vupen.com/english/advisories/2010/3120
http://secunia.com/advisories/43170
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/42473
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
http://ubuntu.com/usn/usn-1029-1
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://secunia.com/advisories/42877
http://secunia.com/advisories/43169
https://access.redhat.com/security/cve/CVE-2010-4180
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
http://www.securityfocus.com/archive/1/522176
https://nvd.nist.gov/vuln/detail/CVE-2010-4180
http://secunia.com/advisories/42469
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://www.vupen.com/english/advisories/2011/0268
http://www.securityfocus.com/bid/45164
http://secunia.com/advisories/42620
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://www.securitytracker.com/id?1024822
http://www.vupen.com/english/advisories/2010/3188
http://osvdb.org/69565
http://secunia.com/advisories/42571
http://support.apple.com/kb/HT4723
http://secunia.com/advisories/42493
http://openssl.org/news/secadv_20101202.txt
http://cvs.openssl.org/chngview?cn=20131
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0076
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
http://secunia.com/advisories/42811
http://www.redhat.com/support/errata/RHSA-2011-0896.html
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
http://marc.info/?l=bugtraq&m=129916880600544&w=2
http://www.vupen.com/english/advisories/2010/3134
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
http://www.kb.cert.org/vuls/id/737740
http://marc.info/?l=bugtraq&m=132077688910227&w=2
http://secunia.com/advisories/43173
http://secunia.com/advisories/43171
http://secunia.com/advisories/43172
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://www.debian.org/security/2011/dsa-2141
http://secunia.com/advisories/44269
https://www.mend.io/vulnerability-database/CVE-2010-4180

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version 0.9.8q,1.0.0c

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us