CVE - CVE-2010-4180

CVE-ID
CVE-2010-4180	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://cvs.openssl.org/chngview?cn=20131 CONFIRM:http://openssl.org/news/secadv_20101202.txt CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=659462 CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST CONFIRM:http://support.apple.com/kb/HT4723 APPLE:APPLE-SA-2011-06-23-1 URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html DEBIAN:DSA-2141 URL:http://www.debian.org/security/2011/dsa-2141 FEDORA:FEDORA-2010-18765 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html FEDORA:FEDORA-2010-18736 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html HP:HPSBMA02658 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HP:SSRT100413 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HP:HPSBHF02706 URL:http://marc.info/?l=bugtraq&m=132077688910227&w=2 HP:SSRT100613 URL:http://marc.info/?l=bugtraq&m=132077688910227&w=2 HP:HPSBMU02759 URL:http://www.securityfocus.com/archive/1/522176 HP:SSRT100817 URL:http://www.securityfocus.com/archive/1/522176 HP:HPSBOV02670 URL:http://marc.info/?l=bugtraq&m=130497251507577&w=2 HP:HPSBUX02638 URL:http://marc.info/?l=bugtraq&m=129916880600544&w=2 HP:SSRT100339 URL:http://marc.info/?l=bugtraq&m=129916880600544&w=2 HP:SSRT100475 URL:http://marc.info/?l=bugtraq&m=130497251507577&w=2 MANDRIVA:MDVSA-2010:248 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 REDHAT:RHSA-2010:0979 URL:http://www.redhat.com/support/errata/RHSA-2010-0979.html REDHAT:RHSA-2010:0977 URL:http://www.redhat.com/support/errata/RHSA-2010-0977.html REDHAT:RHSA-2010:0978 URL:http://www.redhat.com/support/errata/RHSA-2010-0978.html REDHAT:RHSA-2011:0896 URL:http://www.redhat.com/support/errata/RHSA-2011-0896.html SLACKWARE:SSA:2010-340-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 SUSE:SUSE-SR:2011:001 URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SUSE:SUSE-SU-2011:0847 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html SUSE:openSUSE-SU-2011:0845 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html SUSE:SUSE-SR:2011:009 URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html UBUNTU:USN-1029-1 URL:http://ubuntu.com/usn/usn-1029-1 CERT-VN:VU#737740 URL:http://www.kb.cert.org/vuls/id/737740 BID:45164 URL:http://www.securityfocus.com/bid/45164 OSVDB:69565 URL:http://osvdb.org/69565 OVAL:oval:org.mitre.oval:def:18910 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910 SECTRACK:1024822 URL:http://www.securitytracker.com/id?1024822 SECUNIA:42473 URL:http://secunia.com/advisories/42473 SECUNIA:42469 URL:http://secunia.com/advisories/42469 SECUNIA:42493 URL:http://secunia.com/advisories/42493 SECUNIA:42571 URL:http://secunia.com/advisories/42571 SECUNIA:42620 URL:http://secunia.com/advisories/42620 SECUNIA:42811 URL:http://secunia.com/advisories/42811 SECUNIA:42877 URL:http://secunia.com/advisories/42877 SECUNIA:43169 URL:http://secunia.com/advisories/43169 SECUNIA:43170 URL:http://secunia.com/advisories/43170 SECUNIA:43171 URL:http://secunia.com/advisories/43171 SECUNIA:43172 URL:http://secunia.com/advisories/43172 SECUNIA:43173 URL:http://secunia.com/advisories/43173 SECUNIA:44269 URL:http://secunia.com/advisories/44269 VUPEN:ADV-2010-3120 URL:http://www.vupen.com/english/advisories/2010/3120 VUPEN:ADV-2010-3122 URL:http://www.vupen.com/english/advisories/2010/3122 VUPEN:ADV-2010-3134 URL:http://www.vupen.com/english/advisories/2010/3134 VUPEN:ADV-2010-3188 URL:http://www.vupen.com/english/advisories/2010/3188 VUPEN:ADV-2011-0032 URL:http://www.vupen.com/english/advisories/2011/0032 VUPEN:ADV-2011-0076 URL:http://www.vupen.com/english/advisories/2011/0076 VUPEN:ADV-2011-0268 URL:http://www.vupen.com/english/advisories/2011/0268
Assigning CNA
N/A
Date Entry Created
20101104	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101104)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org