LinuxSecurity.com: It was discovered that an old bug workaround in the SSL/TLSserver code allowed an attacker to modify the stored session cacheciphersuite. This could possibly allow an attacker to downgrade theciphersuite to a weaker one on subsequent connections. (CVE-2010-4180) [More...]
More...