Description

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Remediation

References

CVE-2008-7270

Related Vulnerabilities

ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-7698)

WordPress Plugin Sliding Recent Posts Cross-Site Request Forgery (1.0)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.6.2)

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Security Bypass (9.3)

WordPress Plugin Altos Connect Widget Cross-Site Scripting (1.3.0)

Severity

Medium

Classification

CVE-2008-7270

Tags

Missing Update Known Vulnerabilities