Unrated severity · NVD Advisory · Published Dec 6, 2010 · Updated Apr 29, 2026
CVE-2010-4180
Description
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
- osv-coords (26 versions)
  - pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
  - pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
  - pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
- (no CPE) range: < 4.8.6-7.3
- (no CPE) range: < 4.8.6-7.3
- (no CPE) range: < 4.8.6-7.3
- (no CPE) range: < 4.8.6-7.3
- (no CPE) range: < 4.8.6-7.3
- (no CPE) range: < 4.8.6-7.3
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
- (no CPE) range: < 4.8.6-7.1
References
- cvs.openssl.org/chngview (nvd: Broken Link, Patch)
- openssl.org/news/secadv_20101202.txt (nvd: Patch, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- lists.apple.com/archives/security-announce/2011//Jun/msg00000.html (nvd: Broken Link, Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html (nvd: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html (nvd: Mailing List, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Third Party Advisory)
- slackware.com/security/viewer.php (nvd: Third Party Advisory)
- support.apple.com/kb/HT4723 (nvd: Third Party Advisory)
- ubuntu.com/usn/usn-1029-1 (nvd: Third Party Advisory)
- www.debian.org/security/2011/dsa-2141 (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/737740 (nvd: Third Party Advisory, US Government Resource)
- www.redhat.com/support/errata/RHSA-2010-0977.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2010-0978.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2010-0979.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2011-0896.html (nvd: Vendor Advisory)
- www.securityfocus.com/archive/1/522176 (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/45164 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Third Party Advisory, VDB Entry)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910 (nvd: Third Party Advisory)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd: Broken Link)
- osvdb.org/69565 (nvd: Broken Link)
- secunia.com/advisories/42469 (nvd: Not Applicable)
- secunia.com/advisories/42473 (nvd: Not Applicable)
- secunia.com/advisories/42493 (nvd: Not Applicable)
- secunia.com/advisories/42571 (nvd: Not Applicable)
- secunia.com/advisories/42620 (nvd: Not Applicable)
- secunia.com/advisories/42811 (nvd: Not Applicable)
- secunia.com/advisories/42877 (nvd: Not Applicable)
- secunia.com/advisories/43169 (nvd: Not Applicable)
- secunia.com/advisories/43170 (nvd: Not Applicable)
- secunia.com/advisories/43171 (nvd: Not Applicable)
- secunia.com/advisories/43172 (nvd: Not Applicable)
- secunia.com/advisories/43173 (nvd: Not Applicable)
- secunia.com/advisories/44269 (nvd: Not Applicable)
- www.mandriva.com/security/advisories (nvd: Permissions Required)
- www.vupen.com/english/advisories/2010/3120 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2010/3122 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2010/3134 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2010/3188 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2011/0032 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2011/0076 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2011/0268 (nvd: Permissions Required)
- kb.bluecoat.com/index (nvd: Broken Link)