CVE-2010-4252

Related Files

VMware Security Advisory 2012-0013

Posted Sep 1, 2012

Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.

tags | advisory, vulnerability

advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2010-2761, CVE-2010-4180, CVE-2010-4252, CVE-2010-4410, CVE-2011-0014, CVE-2011-1020, CVE-2011-1089, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2699, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-3597, CVE-2011-4108, CVE-2011-4109, CVE-2011-4110, CVE-2011-4128, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4576, CVE-2011-4577, CVE-2011-4609

SHA-256 | ab37b6926b046653acdeeef66e7c85ba

Download | Favorite | View

HP Security Bulletin HPSBOV02670 SSRT100475

Posted May 10, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02670 SSRT100475 - Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability

advisories | CVE-2010-3864, CVE-2010-4180, CVE-2010-4252, CVE-2011-0014

SHA-256 | 1580382bbf55fde0f91e439f0d90c3aff5767f568e5cc0fa24c41bb05a7b36a4

Download | Favorite | View

HP Security Bulletin HPSBUX02638 SSRT100339

Posted Mar 3, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02638 SSRT100339 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary

systems | hpux

advisories | CVE-2010-4252

SHA-256 | 719f5ef4963f2e723d99432e1c22ccc24d50e19a6d7fa0dbfcfc1f74312408b3

Download | Favorite | View

OpenSSL Toolkit 1.0.0c

Posted Dec 7, 2010

Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: An error was fixed in the experimental J-PAKE implementation, which could lead to successful validation by someone with no knowledge of the shared secret. This issue was reported as CVE-2010-4252. An old bug in a workaround that allowed malicious clients to modify the stored session cache ciphersuite was fixed. This issue was reported as CVE-2010-4180.

tags | encryption, protocol

systems | unix

advisories | CVE-2010-4252, CVE-2010-4180

SHA-256 | f731b36de3edaa361179ae6f449668b248a360e34e31e92902d976e9b9d604eb

Download | Favorite | View

OpenSSL Ciphersuite Downgrade Attack / JPAKE Validate Error

Posted Dec 3, 2010

Site openssl.org

A flaw has been found in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. Sebastian Martini found an error in OpenSSL's J-PAKE implementation which could lead to successful validation by someone with no knowledge of the shared secret.

tags | advisory

advisories | CVE-2010-4180, CVE-2010-4252

SHA-256 | 7f8ca6e76dcf9ef92fc130a2bb2e5efad851ced1f1468d89cbc320f1359073f4

Download | Favorite | View