CVE Vulnerabilities

CVE-2008-7270

Published: Dec 06, 2010 | Modified: Apr 06, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Affected Software

Name Vendor Start Version End Version
Openssl Openssl 0.9.1c 0.9.1c
Openssl Openssl 0.9.2b 0.9.2b
Openssl Openssl 0.9.3 0.9.3
Openssl Openssl 0.9.3a 0.9.3a
Openssl Openssl 0.9.4 0.9.4
Openssl Openssl 0.9.5 0.9.5
Openssl Openssl 0.9.5 0.9.5
Openssl Openssl 0.9.5 0.9.5
Openssl Openssl 0.9.5a 0.9.5a
Openssl Openssl 0.9.5a 0.9.5a
Openssl Openssl 0.9.5a 0.9.5a
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6b 0.9.6b
Openssl Openssl 0.9.6c 0.9.6c
Openssl Openssl 0.9.6d 0.9.6d
Openssl Openssl 0.9.6e 0.9.6e
Openssl Openssl 0.9.6f 0.9.6f
Openssl Openssl 0.9.6g 0.9.6g
Openssl Openssl 0.9.6h 0.9.6h
Openssl Openssl 0.9.6i 0.9.6i
Openssl Openssl 0.9.6j 0.9.6j
Openssl Openssl 0.9.6k 0.9.6k
Openssl Openssl 0.9.6l 0.9.6l
Openssl Openssl 0.9.6m 0.9.6m
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7a 0.9.7a
Openssl Openssl 0.9.7b 0.9.7b
Openssl Openssl 0.9.7c 0.9.7c
Openssl Openssl 0.9.7d 0.9.7d
Openssl Openssl 0.9.7e 0.9.7e
Openssl Openssl 0.9.7f 0.9.7f
Openssl Openssl 0.9.7g 0.9.7g
Openssl Openssl 0.9.7h 0.9.7h
Openssl Openssl 0.9.7i 0.9.7i
Openssl Openssl 0.9.7j 0.9.7j
Openssl Openssl 0.9.7k 0.9.7k
Openssl Openssl 0.9.7l 0.9.7l
Openssl Openssl 0.9.7m 0.9.7m
Openssl Openssl 0.9.8 0.9.8
Openssl Openssl 0.9.8a 0.9.8a
Openssl Openssl 0.9.8b 0.9.8b
Openssl Openssl 0.9.8c 0.9.8c
Openssl Openssl 0.9.8d 0.9.8d
Openssl Openssl 0.9.8e 0.9.8e
Openssl Openssl 0.9.8f 0.9.8f
Openssl Openssl 0.9.8g 0.9.8g
Openssl Openssl 0.9.8h 0.9.8h
Openssl Openssl * 0.9.8i
Red Hat Enterprise Linux 4 RedHat openssl-0:0.9.7a-43.17.el4_8.6 *
Red Hat Enterprise Linux 5 RedHat openssl-0:0.9.8e-12.el5_5.7 *
Red Hat JBoss Web Server 1.0 RedHat *
Openssl Ubuntu dapper *
Openssl Ubuntu hardy *
Openssl Ubuntu karmic *
Openssl Ubuntu upstream *

References