This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote SSL layer is affected by a denial of service
According to its banner, the remote server is running a version of
OpenSSL that is earlier than 0.9.8p / 1.0.0e.
A remote attacker could crash client software when using ECDH. The
impact of this vulnerability is not clear
arbitrary code could be run
Note that OpenSSL changelog only reports a fix for 0.9.8p. 1.0.0a is
definitely vulnerable. Gentoo reports a fix for 1.0.0e but it covers
other flaws.NVD reports 0.9.7 as vulnerable too but does not give any
See also :
Upgrade to OpenSSL 0.9.8p / 1.0.0e or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.4
Public Exploit Available : true