This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote SSL layer is affected by a denial of service
According to its banner, the remote server is running a version of
OpenSSL that is earlier than 0.9.8p / 1.0.0e.
A remote attacker could crash client software when using ECDH. The
impact of this vulnerability is not clear
arbitrary code could be run
Note that OpenSSL changelog only reports a fix for 0.9.8p. 1.0.0a is
definitely vulnerable. Gentoo reports a fix for 1.0.0e but it covers
other flaws.NVD reports 0.9.7 as vulnerable too but does not give any
See also :
Upgrade to OpenSSL 0.9.8p / 1.0.0e or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.4
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 17767 ()
Bugtraq ID: 42306
CVE ID: CVE-2010-2939
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.