Russian Vulnerability Scanner Database

Back to List

CVE-2010-4180

Scores

EPSS

0.038very_low3.8%
0%20%40%60%80%100%

Percentile: 3.8%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

Related Vulnerabilities

BDU:2015-05174BDU:2015-05175BDU:2015-06475BDU:2015-06478BDU:2015-08472BDU:2015-08473BDU:2015-09418BDU:2015-09905

Exploits

Exploit ID: 10071

Source: exploitdb

URL: https://www.exploit-db.com/exploits/10071

Exploit ID: 10579

Source: exploitdb

URL: https://www.exploit-db.com/exploits/10579

Exploit ID: 12334

Source: exploitdb

URL: https://www.exploit-db.com/exploits/12334

Exploit ID: 24487

Source: exploitdb

URL: https://www.exploit-db.com/exploits/24487

Exploit ID: 28726

Source: exploitdb

URL: https://www.exploit-db.com/exploits/28726

Exploit ID: 34427

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34427

Exploit ID: 4773

Source: exploitdb

URL: https://www.exploit-db.com/exploits/4773

Exploit ID: 8720

Source: exploitdb

URL: https://www.exploit-db.com/exploits/8720

Exploit ID: CVE-2009-3555

Source: github-poc

URL: https://github.com/johnwchadwick/cve-2009-3555-test-server

Exploit ID: CVE-2014-3570

Source: github-poc

URL: https://github.com/uthrasri/CVE-2014-3570_G2.5_openssl_no_patch

Exploit ID: CVE-2014-8275

Source: github-poc

URL: https://github.com/uthrasri/CVE-2014-8275_openssl_g2.5

Exploit ID: CVE-2015-0204

Source: github-poc

URL: https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script

Exploit ID: CVE-2015-0205

Source: github-poc

URL: https://github.com/saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205

Vulnerable Software (14)

Type: Configuration

Product: openssl

Operating System: ubuntu hardy 8.04

Trait: 
{  "fixed": "0.9.8g-4ubuntu3.13"}

Source: ubuntu

Type: Configuration

Product: openssl

Operating System: debian

Trait: 
{  "fixed": "0.9.8o-4"}

Source: debian

Type: Configuration

Product: openssl

Operating System: rhel 4

Trait: 
{  "fixed": "0.9.7a-43.17.el4_8.6"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 5

Trait: 
{  "fixed": "0.9.8e-12.el5_5.7"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 6

Trait: 
{  "fixed": "1.0.0-4.el6_0.2"}

Source: redhat

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: fedora

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_desktop

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: nginx

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",      "versionEndExcluding": "0.9.2",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: openssl

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",      "versionEndExcluding": "0.9.8q",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:openss...

Source: nvd

Type: Configuration

Vendor: *

Product: opensuse

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: ubuntu_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-...

Source: nvd

End of list