CVE-2008-7270

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8j openssl-devel-0.9.7a openssl-0.9.7a

Description The issue concerns multiple vulnerabilities in the OpenSSL package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited by sniffing network traffic to discover a session identifier, allowing attackers to force the use of a disabled cipher. This can lead to unauthorized modification or a Denial of Service (DoS).

Recommendations For OpenSSL versions prior to 0.9.8j, update to version 0.9.8j or later to resolve the issue. For openssl-devel-0.9.7a and openssl-0.9.7a, at the moment, there is no information about a newer version that contains a fix for this vulnerability.