Vulnerability & Exploit Database

Back to search

Sun Patch: SunOS 5.10_x86: ssl patch

Severity CVSS Published Added Modified
4 (AV:N/AC:M/Au:N/C:N/I:P/A:N) March 23, 2011 April 14, 2011 June 03, 2016

Description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

sunpatch-solaris-146859

Related Vulnerabilities