
CVE-2010-4180

Published: 06/12/2010 Updated: 04/08/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

OpenSSL prior to 0.9.8q, and 1.0.x prior to 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote malicious users to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Vulnerable Products

openssl openssl

fedoraproject fedora 13

fedoraproject fedora 14

debian debian linux 5.0

canonical ubuntu linux 10.10

canonical ubuntu linux 9.04

canonical ubuntu linux 8.04

canonical ubuntu linux 10.04

canonical ubuntu linux 6.06

suse linux enterprise desktop 11

opensuse opensuse 11.1

suse linux enterprise server 9

opensuse opensuse 11.4

opensuse opensuse 11.2

opensuse opensuse 11.3

suse linux enterprise desktop 10

suse linux enterprise server 10

suse linux enterprise 11.0

f5 nginx

Vendor Advisories

It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. This could possibly allow an attacker to downgrade the ciphersuite to a weaker one on subsequent connections (CVE-2010-4180) ...
DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: DSA 2141-1 (openssl), DSA 2141-2 (nss), DSA 2141-3 (apache2), and DSA 2141-4 (lighttpd). This page only covers the first part, openssl. CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacke ...

References

CWE: NVD-CWE-noinfo

http://cvs.openssl.org/chngview?cn=20131
https://bugzilla.redhat.com/show_bug.cgi?id=659462
http://openssl.org/news/secadv_20101202.txt
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122
http://ubuntu.com/usn/usn-1029-1
http://secunia.com/advisories/42473
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
http://www.vupen.com/english/advisories/2010/3134
http://osvdb.org/69565
http://www.securitytracker.com/id?1024822
http://secunia.com/advisories/42493
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
http://www.securityfocus.com/bid/45164
http://secunia.com/advisories/42469
http://www.vupen.com/english/advisories/2010/3188
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://secunia.com/advisories/42620
http://secunia.com/advisories/42571
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
http://www.debian.org/security/2011/dsa-2141
http://secunia.com/advisories/42811
http://www.vupen.com/english/advisories/2011/0032
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0268
http://secunia.com/advisories/43171
http://secunia.com/advisories/43172
http://secunia.com/advisories/43169
http://secunia.com/advisories/43173
http://secunia.com/advisories/43170
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
http://secunia.com/advisories/44269
http://support.apple.com/kb/HT4723
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
http://marc.info/?l=bugtraq&m=132077688910227&w=2
http://www.securityfocus.com/archive/1/522176
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://www.kb.cert.org/vuls/id/737740
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://marc.info/?l=bugtraq&m=129916880600544&w=2
http://marc.info/?l=bugtraq&m=130497251507577&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
https://usn.ubuntu.com/1029-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/737740