Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-4180HistoryDec 06, 2010 - 9:05 p.m.
CVE-2010-4180
2010-12-0621:05:48
Debian Security Bug Tracker
security-tracker.debian.org
17
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.1%
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openssl | <ย 0.9.8o-4 | openssl_0.9.8o-4_all.deb |
| Debian | 11 | all | openssl | <ย 0.9.8o-4 | openssl_0.9.8o-4_all.deb |
| Debian | 999 | all | openssl | <ย 0.9.8o-4 | openssl_0.9.8o-4_all.deb |
| Debian | 13 | all | openssl | <ย 0.9.8o-4 | openssl_0.9.8o-4_all.deb |
Related
f5
f5
SOL12543 - OpenSSL vulnerability CVE-2010-4180
2011-01-26 00:00:00
K12543 : OpenSSL vulnerability CVE-2010-4180
2013-07-05 00:00:00
SOL12853 - OpenSSL vulnerability CVE-2008-7270
2011-05-24 00:00:00
nessus
nessus
openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0014-1)
2011-05-05 00:00:00
Solaris 10 (x86) : 146859-01
2018-03-12 00:00:00
Scientific Linux Security Update : openssl on SL6.x i386/x86_64
2012-08-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
ubuntucve
ubuntucve
CVE-2010-4180
2010-12-06 00:00:00
CVE-2008-7270
2010-12-06 00:00:00
openvas
openvas
OpenSSL: Ciphersuite Downgrade Attack (20101202) - Windows
2021-08-16 00:00:00
Mandriva Update for openssl MDVSA-2010:248 (openssl)
2010-12-23 00:00:00
Mandriva Update for openssl MDVSA-2010:248 (openssl)
2010-12-23 00:00:00
cvelist
cvelist
CVE-2010-4180
2010-12-06 21:00:00
CVE-2008-7270
2010-12-06 22:00:00
redhat
redhat
(RHSA-2010:0979) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0978) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0977) Moderate: openssl security update
2010-12-13 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2010-4180
2010-12-02 00:00:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:56:26
cve
cve
CVE-2010-4180
2010-12-06 21:05:48
CVE-2008-7270
2010-12-06 22:30:31
prion
prion
Session fixation
2010-12-06 21:05:00
Session fixation
2010-12-06 22:30:00
nvd
nvd
CVE-2010-4180
2010-12-06 21:05:48
CVE-2008-7270
2010-12-06 22:30:31
centos
centos
openssl security update
2010-12-14 01:19:08
openssl security update
2011-01-27 09:11:13
debiancve
debiancve
CVE-2008-7270
2010-12-06 22:30:31
slackware
slackware
[slackware-security] openssl
2010-12-07 07:14:58
ubuntu
ubuntu
OpenSSL vulnerabilities
2010-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: openssl-1.0.0c-1.fc14
2010-12-10 20:26:33
[SECURITY] Fedora 14 Update: openssl-1.0.0d-1.fc14
2011-02-14 20:28:21
[SECURITY] Fedora 14 Update: openssl-1.0.0e-1.fc14
2011-09-10 23:55:13
oraclelinux
oraclelinux
openssl security update
2010-12-13 00:00:00
openssl security update
2011-02-10 00:00:00
openssl security update
2010-12-13 00:00:00
debian
debian
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
osv
osv
nss - protocol design flaw
2011-01-06 00:00:00
openssl - protocol design flaw
2011-01-06 00:00:00
securityvulns
securityvulns
[USN-1029-1] OpenSSL vulnerabilities
2010-12-09 00:00:00
OpenSSL protection level downgrade
2010-12-09 00:00:00
HP Insight Control multiple security vulnerabilities
2011-04-26 00:00:00
suse
suse
Security update for compat-openssl097g (important)
2011-07-27 17:08:16
compat-openssl097g (important)
2011-07-27 16:08:25
cert
cert
ibm
ibm
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.1%
Related for DEBIANCVE:CVE-2010-4180