Vulnerability Details CVE-2008-7270
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 83.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://cvs.openssl.org/chngview?cn=17489
- http://marc.info/?l=bugtraq&m=132077688910227&w=2
- http://marc.info/?l=bugtraq&m=132077688910227&w=2
- http://secunia.com/advisories/42493
- http://ubuntu.com/usn/usn-1029-1
- http://www.redhat.com/support/errata/RHSA-2010-0977.html
- http://www.redhat.com/support/errata/RHSA-2010-0978.html
- http://www.redhat.com/support/errata/RHSA-2011-0896.html
- http://www.securityfocus.com/archive/1/522176
- http://www.securityfocus.com/archive/1/522176
- http://www.securityfocus.com/bid/45254
- https://bugzilla.redhat.com/show_bug.cgi?id=659462
- http://cvs.openssl.org/chngview?cn=17489
- http://marc.info/?l=bugtraq&m=132077688910227&w=2
- http://marc.info/?l=bugtraq&m=132077688910227&w=2
- http://secunia.com/advisories/42493
- http://ubuntu.com/usn/usn-1029-1
- http://www.redhat.com/support/errata/RHSA-2010-0977.html
- http://www.redhat.com/support/errata/RHSA-2010-0978.html
- http://www.redhat.com/support/errata/RHSA-2011-0896.html
- http://www.securityfocus.com/archive/1/522176
- http://www.securityfocus.com/archive/1/522176
- http://www.securityfocus.com/bid/45254
- https://bugzilla.redhat.com/show_bug.cgi?id=659462
Products affected by CVE-2008-7270
-
cpe:2.3:a:openssl:openssl:-
-
cpe:2.3:a:openssl:openssl:0.9.1c
-
cpe:2.3:a:openssl:openssl:0.9.2b
-
cpe:2.3:a:openssl:openssl:0.9.3
-
cpe:2.3:a:openssl:openssl:0.9.3a
-
cpe:2.3:a:openssl:openssl:0.9.4
-
cpe:2.3:a:openssl:openssl:0.9.5
-
cpe:2.3:a:openssl:openssl:0.9.5a
-
cpe:2.3:a:openssl:openssl:0.9.6
-
cpe:2.3:a:openssl:openssl:0.9.6a
-
cpe:2.3:a:openssl:openssl:0.9.6b
-
cpe:2.3:a:openssl:openssl:0.9.6c
-
cpe:2.3:a:openssl:openssl:0.9.6d
-
cpe:2.3:a:openssl:openssl:0.9.6e
-
cpe:2.3:a:openssl:openssl:0.9.6f
-
cpe:2.3:a:openssl:openssl:0.9.6g
-
cpe:2.3:a:openssl:openssl:0.9.6h
-
cpe:2.3:a:openssl:openssl:0.9.6i
-
cpe:2.3:a:openssl:openssl:0.9.6j
-
cpe:2.3:a:openssl:openssl:0.9.6k
-
cpe:2.3:a:openssl:openssl:0.9.6l
-
cpe:2.3:a:openssl:openssl:0.9.6m
-
cpe:2.3:a:openssl:openssl:0.9.7
-
cpe:2.3:a:openssl:openssl:0.9.7a
-
cpe:2.3:a:openssl:openssl:0.9.7b
-
cpe:2.3:a:openssl:openssl:0.9.7c
-
cpe:2.3:a:openssl:openssl:0.9.7d
-
cpe:2.3:a:openssl:openssl:0.9.7e
-
cpe:2.3:a:openssl:openssl:0.9.7f
-
cpe:2.3:a:openssl:openssl:0.9.7g
-
cpe:2.3:a:openssl:openssl:0.9.7h
-
cpe:2.3:a:openssl:openssl:0.9.7i
-
cpe:2.3:a:openssl:openssl:0.9.7j
-
cpe:2.3:a:openssl:openssl:0.9.7k
-
cpe:2.3:a:openssl:openssl:0.9.7l
-
cpe:2.3:a:openssl:openssl:0.9.7m
-
cpe:2.3:a:openssl:openssl:0.9.8
-
cpe:2.3:a:openssl:openssl:0.9.8a
-
cpe:2.3:a:openssl:openssl:0.9.8b
-
cpe:2.3:a:openssl:openssl:0.9.8c
-
cpe:2.3:a:openssl:openssl:0.9.8c-1
-
cpe:2.3:a:openssl:openssl:0.9.8d
-
cpe:2.3:a:openssl:openssl:0.9.8e
-
cpe:2.3:a:openssl:openssl:0.9.8f
-
cpe:2.3:a:openssl:openssl:0.9.8g
-
cpe:2.3:a:openssl:openssl:0.9.8g-9
-
cpe:2.3:a:openssl:openssl:0.9.8h
-
cpe:2.3:a:openssl:openssl:0.9.8i