This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote server is affected by multiple vulnerabilities.
According to its banner, the remote server is running a version of
OpenSSL prior to 0.9.8k. It is, therefore, affected by multiple
- A denial of service vulnerability exists in the
ASN1_STRING_print_ex() function due to improper string
handling. A remote attacker can exploit this to cause an
invalid memory access and application crash.
- A flaw exists in the CMS_verify() function due to
improper handling of errors associated with malformed
signed attributes. A remote attacker can exploit this to
repudiate a signature that originally appeared to be
valid but was actually invalid. (CVE-2009-0591)
- A denial of service vulnerability exists due to improper
handling of malformed ASN.1 structures. A remote
attacker can exploit this to cause an invalid memory
access and application crash. (CVE-2009-0789)
- A memory leak exists in the SSL_free() function in
ssl_lib.c. A remote attacker can exploit this to exhaust
memory resources, resulting in a denial of service
Upgrade to OpenSSL version 0.9.8k or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
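
The banner check described above ("a version of OpenSSL prior to 0.9.8k") depends on ordering OpenSSL's letter-suffixed releases correctly. The following is an added example, not Tenable's plugin code; the function names and the sample banners are constructed for illustration.

```python
import re

# Pre-1.1 OpenSSL versions: major.minor.fix, an optional patch letter
# (0.9.8 < 0.9.8a < ... < 0.9.8z < 0.9.8za), and an optional -betaN/-preN tag.
_VERSION_RE = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]{0,2})(-(?:beta|pre)\d+)?"
)

FIXED = "OpenSSL/0.9.8k"  # fixed release named in the advisory


def parse_openssl_version(text):
    """Return a sortable tuple for the first OpenSSL version in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, fix = (int(g) for g in m.group(1, 2, 3))
    # "" -> 0, "a" -> 1, ..., "z" -> 26, "za" -> 27
    patch = sum(ord(c) - ord("a") + 1 for c in m.group(4))
    # A beta/pre tag sorts before the final release of the same version.
    final = 0 if m.group(5) else 1
    return (major, minor, fix, patch, final)


def is_affected(banner):
    """True if the advertised OpenSSL is older than 0.9.8k, False if not,
    None if the banner carries no OpenSSL version."""
    version = parse_openssl_version(banner)
    if version is None:
        return None
    return version < parse_openssl_version(FIXED)


if __name__ == "__main__":
    # Constructed sample banners (HTTP Server header values).
    samples = [
        "Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8j",
        "Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8k",
        "Apache/2.2.15 (Unix) OpenSSL/0.9.8za",
        "nginx/1.2.1",
    ]
    for banner in samples:
        print(f"{is_affected(banner)!s:5}  {banner}")
```

A banner match only reflects the advertised version string; builds that carry backported fixes under an older version number will still be flagged, so confirm against the installed package before treating a hit as confirmed.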