CVE-2010-4180

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-12-2010 10:05

Last modified: - 04-08-2022 09:59

Total changes: - 2

Description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:P/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

Reference

http://cvs.openssl.org/chngview?cn=20131
https://bugzilla.redhat.com/show_bug.cgi?id=659462
http://openssl.org/news/secadv_20101202.txt
ADV-2010-3120-Permissions Required
ADV-2010-3122-Permissions Required
USN-1029-1-Third Party Advisory
42473-Not Applicable
SSA:2010-340-01-Third Party Advisory
ADV-2010-3134-Permissions Required
69565-Broken Link
1024822-Broken Link, Third Party Advisory, VDB Entry
42493-Not Applicable
MDVSA-2010:248-Permissions Required
45164-Third Party Advisory, VDB Entry
42469-Not Applicable
ADV-2010-3188-Permissions Required
FEDORA-2010-18765-Mailing List, Third Party Advisory
RHSA-2010:0979-Third Party Advisory
42620-Not Applicable
42571-Not Applicable
FEDORA-2010-18736-Mailing List, Third Party Advisory
DSA-2141-Third Party Advisory
42811-Not Applicable
ADV-2011-0032-Permissions Required
SUSE-SR:2011:001-Mailing List, Third Party Advisory
RHSA-2010:0977-Third Party Advisory
RHSA-2010:0978-Third Party Advisory
42877-Not Applicable
ADV-2011-0076-Permissions Required
ADV-2011-0268-Permissions Required
43171-Not Applicable
43172-Not Applicable
43169-Not Applicable
43173-Not Applicable
43170-Not Applicable
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
44269-Not Applicable
http://support.apple.com/kb/HT4723
APPLE-SA-2011-06-23-1-Broken Link, Mailing List, Third Party Advisory
RHSA-2011:0896-Vendor Advisory
openSUSE-SU-2011:0845-Mailing List, Third Party Advisory
SUSE-SU-2011:0847-Mailing List, Third Party Advisory
HPSBHF02706-Issue Tracking, Third Party Advisory
SSRT100817-Third Party Advisory, VDB Entry
HPSBMA02658-Broken Link
VU#737740-Third Party Advisory, US Government Resource
SUSE-SR:2011:009-Mailing List, Third Party Advisory
HPSBUX02638-Issue Tracking, Third Party Advisory
SSRT100475-Issue Tracking, Third Party Advisory
oval:org.mitre.oval:def:18910-Third Party Advisory

Keywords

CVE-2010-4180

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-4180

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures