CVE-2010-4180

Priority
Description
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly
prevent modification of the ciphersuite in the session cache, which allows
remote attackers to force the downgrade to an unintended cipher via vectors
involving sniffing network traffic to discover a session identifier.
Assigned-to
sbeattie
Notes
Package
Upstream:released (0.9.8q, 0.9.8o-4)
More Information

Updated: 2020-01-29 19:39:31 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)