This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote server is affected by multiple vulnerabilities.
According to its banner, the remote server is running a version of
OpenSSL that is earlier than 0.9.7l or 0.9.8d. As such, it is
affected by multiple vulnerabilities :
- A remote attacker could trigger a denial of service,
either via malformed ASN.1 structures or specially
crafted public keys. (CVE-2006-2937, CVE-2006-3738)
- A remote attacker could execute arbitrary code on the
remote server by exploiting a buffer overflow in the
SSL_get_shared_ciphers function. (CVE-2006-2940)
- A remote attacker could crash a client by sending an
invalid server Hello. (CVE-2006-4343)
Upgrade to OpenSSL 0.9.7l / 0.9.8d or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 17757
Bugtraq ID: 20247, 20248, 20249
CVE ID: CVE-2006-2937, CVE-2006-3738, CVE-2006-2940, CVE-2006-4343