CVE-2010-4180

{"id": "CVE-2010-4180", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-12-06T21:05:48.687", "references": [{"url": "http://cvs.openssl.org/chngview?cn=20131", "tags": ["Broken Link", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://openssl.org/news/secadv_20101202.txt", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/69565", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42469", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42473", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42493", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42571", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42620", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42811", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42877", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43169", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43170", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43171", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43172", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43173", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/44269", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://support.apple.com/kb/HT4723", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1029-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2141", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.kb.cert.org/vuls/id/737740", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/522176", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/45164", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1024822", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3120", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3122", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3134", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3188", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0032", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0076", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0268", "tags": ["Permissions Required"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier."}, {"lang": "es", "value": "OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG est\u00e1 habilitado, no previene adecuadamente la modificaci\u00f3n del conjunto de cifrado en la cach\u00e9 de sesi\u00f3n, lo que permite a atacantes remotos forzar la degradaci\u00f3n para un cifrado no destinado a trav\u00e9s de vectores que involucran rastreo de tr\u00e1fico de red para descubrir un identificador de sesi\u00f3n."}], "lastModified": "2022-08-04T19:59:42.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0447353B-C86F-466E-91DD-39D56D850E35", "versionEndExcluding": "0.9.8q"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2FAFBB-00A0-4546-8B36-6028D6706FD7", "versionEndExcluding": "1.0.0c", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4500161F-13A0-4369-B93A-778B34E7F005"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E532D95-4A9F-47B1-979B-C116F7C7A73F", "versionEndExcluding": "0.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}