CVE-2010-4180
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2010-4180
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-4180.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2010-4180
- Related
- Published
- 2010-12-06T21:05:48Z
- Modified
- 2024-09-18T01:00:21Z
- Summary
- [none]
- Details
-
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
- References
-
- http://secunia.com/advisories/42469
- http://secunia.com/advisories/42473
- http://secunia.com/advisories/42493
- http://secunia.com/advisories/42571
- http://secunia.com/advisories/42620
- http://secunia.com/advisories/42811
- http://secunia.com/advisories/42877
- http://secunia.com/advisories/43169
- http://secunia.com/advisories/43170
- http://secunia.com/advisories/43171
- http://secunia.com/advisories/43172
- http://secunia.com/advisories/43173
- http://secunia.com/advisories/44269
- http://www.debian.org/security/2011/dsa-2141
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
- http://www.redhat.com/support/errata/RHSA-2011-0896.html
- http://www.securityfocus.com/archive/1/522176
- http://www.securityfocus.com/bid/45164
- http://www.securitytracker.com/id?1024822
- http://www.vupen.com/english/advisories/2010/3120
- http://www.vupen.com/english/advisories/2010/3122
- http://www.vupen.com/english/advisories/2010/3134
- http://www.vupen.com/english/advisories/2010/3188
- http://www.vupen.com/english/advisories/2011/0032
- http://www.vupen.com/english/advisories/2011/0076
- http://www.vupen.com/english/advisories/2011/0268
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
- http://cvs.openssl.org/chngview?cn=20131
- http://openssl.org/news/secadv_20101202.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=659462
- http://marc.info/?l=bugtraq&m=129916880600544&w=2
- http://marc.info/?l=bugtraq&m=130497251507577&w=2
- http://marc.info/?l=bugtraq&m=132077688910227&w=2
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://osvdb.org/69565
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
- http://support.apple.com/kb/HT4723
- http://ubuntu.com/usn/usn-1029-1
- http://www.kb.cert.org/vuls/id/737740
- http://www.redhat.com/support/errata/RHSA-2010-0977.html
- http://www.redhat.com/support/errata/RHSA-2010-0978.html
- http://www.redhat.com/support/errata/RHSA-2010-0979.html
- https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
- https://security-tracker.debian.org/tracker/CVE-2010-4180
Affected packages
Debian:11 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source
Debian:12 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source
Debian:13 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source