Showing 1 - 6 of 6

CVE-2008-7270

Status Candidate

Overview

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Related Files

HP Security Bulletin HPSBPV02891: Posted Jul 16, 2013; Authored by HP | Site hp.com; HP Security Bulletin HPSBPV02891 - A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure. Revision 1 of this advisory.; tags | advisory, info disclosure; advisories | CVE-2008-7270; SHA-256 | a13c78b7e9815f844c448c9eb92c69522b4f6a4f767e7c12192d6a9794671eef; Download | Favorite | View

HP Security Bulletin HPSBMU02759 SSRT100817: Posted Apr 5, 2012; Authored by HP | Site hp.com; HP Security Bulletin HPSBMU02759 SSRT100817 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access, unauthorized information disclosure, Denial of Service (DoS), and URL redirection. Revision 1 of this advisory.; tags | advisory, denial of service, vulnerability, info disclosure; advisories | CVE-2008-7270, CVE-2009-3555, CVE-2012-0128, CVE-2012-0129, CVE-2012-0130; SHA-256 | 6ad7ba2c48944ee744e96cf3ef0e46c12152365e66984731869ed2c5c3e97ec0; Download | Favorite | View

HP Security Bulletin HPSBHF02706 SSRT100613: Posted Nov 9, 2011; Authored by HP | Site hp.com; HP Security Bulletin HPSBHF02706 SSRT100613 - Potential security vulnerabilities have been identified with HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized modification. Revision 1 of this advisory.; tags | advisory, denial of service, vulnerability; advisories | CVE-2008-7270, CVE-2009-3555, CVE-2010-4180; SHA-256 | d4eea79f2c68bc01af2e1e5a79c2d8ef8db67b1660446a519fdd89b2a16d9828; Download | Favorite | View

VMware Security Advisory 2011-0013: Posted Oct 28, 2011; Authored by VMware | Site vmware.com; VMware Security Advisory 2011-0013 - Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.; tags | advisory; advisories | CVE-2008-7270, CVE-2010-1321, CVE-2010-2054, CVE-2010-3170, CVE-2010-3173, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570; SHA-256 | bfa44b90a996832dc4d48ee3d88431651288c9f75d7f7f82d502411d95c5dce3; Download | Favorite | View

Red Hat Security Advisory 2011-0896-01: Posted Jun 24, 2011; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.; tags | advisory, web, vulnerability, xss; systems | linux, redhat; advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419; SHA-256 | afb754e948ecb997661a2640f0ff3042c01bce970a3e081cc14ecea1dd6901bc; Download | Favorite | View

Ubuntu Security Notice USN-1029-1: Posted Dec 8, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1029-1 - It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. This could possibly allow an attacker to downgrade the ciphersuite to a weaker one on subsequent connections. It was discovered that an old bug workaround in the SSL/TLS server code allowed allowed an attacker to modify the stored session cache ciphersuite. An attacker could possibly take advantage of this to force the use of a disabled cipher. This vulnerability only affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2008-7270, CVE-2010-4180; SHA-256 | 9b2fbabcd1055b8d1ed15df519d9bfa669f526b20580aef58d06e29402c6362a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2008-7270

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems