Executive Summary

Informations
NameCVE-2010-4180First vendor Publication2010-12-06
VendorCveLast vendor Modification2017-09-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22097
 
Oval ID: oval:org.mitre.oval:def:22097
Title: RHSA-2010:0979: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): RHSA-2010:0979-01
CVE-2010-4180
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22038
 
Oval ID: oval:org.mitre.oval:def:22038
Title: RHSA-2010:0978: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): RHSA-2010:0978-01
CESA-2010:0978
CVE-2008-7270
CVE-2010-4180
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20828
 
Oval ID: oval:org.mitre.oval:def:20828
Title: Multiple OpenSSL vulnerabilities
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20705
 
Oval ID: oval:org.mitre.oval:def:20705
Title: VMware vSphere and vCOps updates to third party libraries
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19752
 
Oval ID: oval:org.mitre.oval:def:19752
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19547
 
Oval ID: oval:org.mitre.oval:def:19547
Title: HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4180
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18910
 
Oval ID: oval:org.mitre.oval:def:18910
Title: OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server (CVE-2010-4180)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4180
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12801
 
Oval ID: oval:org.mitre.oval:def:12801
Title: DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw
Description: CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed. The syntax of these environment variables is described in the release notes to version 3.12.6 of nss: https://developer.mozilla.org/NSS_3.12.6_release_notes However, the default behaviour for nss in Debian 5.0 is NSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to renegotiate with vulnerable servers.
Family: unix Class: patch
Reference(s): DSA-2141-2
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12707
 
Oval ID: oval:org.mitre.oval:def:12707
Title: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw
Description: CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180: In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite.
Family: unix Class: patch
Reference(s): DSA-2141-1
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12573
 
Oval ID: oval:org.mitre.oval:def:12573
Title: DSA-2141-3 apache2 -- backward compatibility option for SSL/TLS insecure
Description: DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients. More information can be found in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .
Family: unix Class: patch
Reference(s): DSA-2141-3
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12481
 
Oval ID: oval:org.mitre.oval:def:12481
Title: DSA-2141-4 lighttpd -- compatibility problem with updated openssl
Description: The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem.
Family: unix Class: patch
Reference(s): DSA-2141-4
CVE-2009-3555
CVE-2010-4180
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): lighttpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22780
 
Oval ID: oval:org.mitre.oval:def:22780
Title: ELSA-2010:0979: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): ELSA-2010:0979-01
CVE-2010-4180
Version: 6
Platform(s): Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22306
 
Oval ID: oval:org.mitre.oval:def:22306
Title: ELSA-2010:0978: openssl security update (Moderate)
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: unix Class: patch
Reference(s): ELSA-2010:0978-01
CVE-2008-7270
CVE-2010-4180
Version: 13
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24969
 
Oval ID: oval:org.mitre.oval:def:24969
Title: Vulnerability in OpenSSL 0.9.8q, and 1.0.x before 1.0.0c, does not properly prevent modification of the ciphersuite in the session cache
Description: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4180
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25193
 
Oval ID: oval:org.mitre.oval:def:25193
Title: SUSE-SU-2013:1165-1 -- Security update for libcurl4
Description: This update of curl fixes several security issues: * libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) * cookie domain tailmatch (bnc#814655 / CVE-2013-1944) * curl sets SSL_OP_ALL (bnc#742306 / CVE-2011-3389) * When SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier (CVE-2010-4180)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1165-1
CVE-2013-2174
CVE-2013-1944
CVE-2011-3389
CVE-2010-4180
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 10
Product(s): libcurl4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28187
 
Oval ID: oval:org.mitre.oval:def:28187
Title: DEPRECATED: ELSA-2010-0979 -- openssl security update (moderate)
Description: [1.0.0-4.2] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-4.1] - fix race in extension parsing code - CVE-2010-3864 (#649304)
Family: unix Class: patch
Reference(s): ELSA-2010-0979
CVE-2010-3864
CVE-2010-4180
Version: 4
Platform(s): Oracle Linux 6
Product(s): openssl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application223

OpenVAS Exploits

DateDescription
2012-08-31Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30Name : CentOS Update for openssl CESA-2010:0977 centos4 x86_64
File : nvt/gb_CESA-2010_0977_openssl_centos4_x86_64.nasl
2012-03-15Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201110-01 (openssl)
File : nvt/glsa_201110_01.nasl
2011-09-12Name : Fedora Update for openssl FEDORA-2011-12281
File : nvt/gb_fedora_2011_12281_openssl_fc14.nasl
2011-08-19Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)
File : nvt/secpod_macosx_su11-004.nasl
2011-08-09Name : CentOS Update for openssl CESA-2010:0978 centos5 i386
File : nvt/gb_CESA-2010_0978_openssl_centos5_i386.nasl
2011-05-05Name : HP-UX Update for OpenSSL HPSBUX02638
File : nvt/gb_hp_ux_HPSBUX02638.nasl
2011-03-24Name : Fedora Update for openssl FEDORA-2011-1255
File : nvt/gb_fedora_2011_1255_openssl_fc13.nasl
2011-02-16Name : Fedora Update for openssl FEDORA-2011-1273
File : nvt/gb_fedora_2011_1273_openssl_fc14.nasl
2011-01-31Name : CentOS Update for openssl CESA-2010:0977 centos4 i386
File : nvt/gb_CESA-2010_0977_openssl_centos4_i386.nasl
2010-12-28Name : Fedora Update for openssl FEDORA-2010-18736
File : nvt/gb_fedora_2010_18736_openssl_fc13.nasl
2010-12-28Name : Fedora Update for openssl FEDORA-2010-18765
File : nvt/gb_fedora_2010_18765_openssl_fc14.nasl
2010-12-28Name : RedHat Update for openssl RHSA-2010:0977-01
File : nvt/gb_RHSA-2010_0977-01_openssl.nasl
2010-12-28Name : RedHat Update for openssl RHSA-2010:0978-01
File : nvt/gb_RHSA-2010_0978-01_openssl.nasl
2010-12-23Name : Ubuntu Update for openssl vulnerabilities USN-1029-1
File : nvt/gb_ubuntu_USN_1029_1.nasl
2010-12-23Name : Mandriva Update for openssl MDVSA-2010:248 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_248.nasl
0000-00-00Name : Slackware Advisory SSA:2010-340-01 openssl
File : nvt/esoft_slk_ssa_2010_340_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
69565OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Do...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-09-27IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794
2012-04-05IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator
Severity : Category I - VMSKEY : V0031972
2011-12-15IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0
Severity : Category I - VMSKEY : V0030824
2011-12-01IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769

Nessus® Vulnerability Scanner

DateDescription
2016-03-04Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-02-29Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-08-22Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2014-04-16Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory2.nasl - Type : ACT_GATHER_INFO
2014-04-16Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory3.nasl - Type : ACT_GATHER_INFO
2014-04-16Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-07-29Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0977.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0978.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0979.nasl - Type : ACT_GATHER_INFO
2013-07-10Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libcurl4-8618.nasl - Type : ACT_GATHER_INFO
2013-06-17Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-31Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101213_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101213_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-01-04Name : The remote SSL layer is affected by a denial of service vulnerability.
File : openssl_0_9_8p_1_0_0e.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-7462.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO
2011-10-28Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-10-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO
2011-07-28Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2011-07-28Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2011-05-04Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-7463.nasl - Type : ACT_GATHER_INFO
2011-05-04Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12701.nasl - Type : ACT_GATHER_INFO
2011-02-07Name : The remote host allows resuming SSL sessions with a weaker cipher than the on...
File : openssl_resume_different_cipher.nasl - Type : ACT_ATTACK
2011-01-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO
2011-01-21Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO
2011-01-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO
2010-12-20Name : The remote Fedora host is missing a security update.
File : fedora_2010-18736.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0979.nasl - Type : ACT_GATHER_INFO
2010-12-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO
2010-12-12Name : The remote Fedora host is missing a security update.
File : fedora_2010-18765.nasl - Type : ACT_GATHER_INFO
2010-12-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-248.nasl - Type : ACT_GATHER_INFO
2010-12-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1029-1.nasl - Type : ACT_GATHER_INFO
2010-12-08Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-340-01.nasl - Type : ACT_GATHER_INFO
2010-12-07Name : The remote web server is affected by multiple vulnerabilities.
File : openssl_1_0_0c.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
BID http://www.securityfocus.com/bid/45164
CERT-VN http://www.kb.cert.org/vuls/id/737740
CONFIRM http://cvs.openssl.org/chngview?cn=20131
http://openssl.org/news/secadv_20101202.txt
http://support.apple.com/kb/HT4723
https://bugzilla.redhat.com/show_bug.cgi?id=659462
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
DEBIAN http://www.debian.org/security/2011/dsa-2141
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-December/05202...
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/05231...
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://marc.info/?l=bugtraq&m=129916880600544&w=2
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://marc.info/?l=bugtraq&m=132077688910227&w=2
http://www.securityfocus.com/archive/1/522176
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
REDHAT http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
SECTRACK http://www.securitytracker.com/id?1024822
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2010&...
SUSE http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
UBUNTU http://ubuntu.com/usn/usn-1029-1
VUPEN http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122
http://www.vupen.com/english/advisories/2010/3134
http://www.vupen.com/english/advisories/2010/3188
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0268

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
DateInformations
2019-09-24 01:03:21
  • Multiple Updates
2019-03-19 12:03:48
  • Multiple Updates
2018-08-10 12:02:02
  • Multiple Updates
2017-09-19 09:24:03
  • Multiple Updates
2016-08-23 09:24:39
  • Multiple Updates
2016-06-28 18:22:22
  • Multiple Updates
2016-04-26 20:13:32
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2016-03-01 13:26:32
  • Multiple Updates
2014-11-27 13:27:49
  • Multiple Updates
2014-06-14 13:29:45
  • Multiple Updates
2014-04-17 13:25:36
  • Multiple Updates
2014-02-21 13:21:29
  • Multiple Updates
2014-02-17 10:58:31
  • Multiple Updates
2013-11-11 12:39:04
  • Multiple Updates
2013-11-04 21:21:07
  • Multiple Updates
2013-09-12 13:19:51
  • Multiple Updates
2013-07-17 21:18:44
  • Multiple Updates
2013-05-10 23:36:44
  • Multiple Updates