Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2008-7270

Опубликовано: 06 дек. 2010
Источник: debian
EPSS Низкий

Описание

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
opensslfixed0.9.8k-1package
opensslfixed0.9.8g-15+lenny11lennypackage

Примечания

  • lenny was fixed as a side effect of the fix of CVE-2010-4180

  • which disabled the bug compatibility code

EPSS

Процентиль: 81%
0.01578
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2008-7270

ubuntu
больше 14 лет назад

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

redhat логотип

CVE-2008-7270

redhat
больше 14 лет назад

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

nvd логотип

CVE-2008-7270

nvd
больше 14 лет назад

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

github логотип

GHSA-2qf2-98wp-cwm9

github
около 3 лет назад

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

oracle-oval логотип

ELSA-2010-0978

oracle-oval
больше 14 лет назад

ELSA-2010-0978: openssl security update (MODERATE)

EPSS

Процентиль: 81%
0.01578
Низкий