This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote server is affected by multiple vulnerabilities.
According to its banner, the remote server is running a version of
OpenSSL prior to 0.9.8k. It is, therefore, affected by multiple
- A denial of service vulnerability exists in the
ASN1_STRING_print_ex() function due to improper string
handling. A remote attacker can exploit this to cause an
invalid memory access and application crash.
- A flaw exists in the CMS_verify() function due to
improper handling of errors associated with malformed
signed attributes. A remote attacker can exploit this to
repudiate a signature that originally appeared to be
valid but was actually invalid. (CVE-2009-0591)
- A denial of service vulnerability exists due to improper
handling of malformed ASN.1 structures. A remote
attacker can exploit this to cause an invalid memory
access and application crash. (CVE-2009-0789)
- A memory leak exists in the SSL_free() function in
ssl_lib.c. A remote attacker can exploit this to exhaust
memory resources, resulting in a denial of service
Upgrade to OpenSSL version 0.9.8k or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 17763
Bugtraq ID: 34256, 73121
CVE ID: CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-5146