This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.
The remote web server has multiple SSL-related vulnerabilities.
According to its banner, the remote web server uses a version of
OpenSSL older than 0.9.8m. Such versions have the following
- Session renegotiations are not handled properly, which could
be exploited to insert arbitrary plaintext by a
- The library does not check for a NULL return value from calls
to the bn_wexpand() function, which has unspecified impact.
- A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c
allows remote attackers to cause a denial of service via vectors that
trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.
For this vulnerability to be exploitable, compression must be enabled in OpenSSL
for SSL/TLS connections.
Upgrade to OpenSSL 0.9.8m or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 45039
Bugtraq ID: 31692, 36935, 38562
CVE ID: CVE-2006-4343, CVE-2008-1678, CVE-2009-3245, CVE-2009-3555, CVE-2009-4355
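
The banner comparison described above ("a version of OpenSSL older than 0.9.8m") can be reproduced for triage as follows. This is an added example, not Tenable's plugin code; the function names, the constructed Server headers and the choice to treat -beta/-pre builds as older than the release are assumptions. It also shows the limit of a banner check: a build with vendor-backported fixes is still flagged, and a banner without an OpenSSL token cannot be judged.

```python
import re

FIXED = "0.9.8m"  # fixed release named in the plugin text

# major.minor.fix, optional patch letters, optional pre-release tag
_VER = r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|pre)\d*)?"
_TOKEN = re.compile(r"\bOpenSSL/(" + _VER + r")", re.I)


def version_key(version):
    """Sortable key for OpenSSL 0.9.x/1.0.x style versions (hypothetical helper)."""
    m = re.fullmatch(_VER, version, re.I)
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    major, minor, fix, patch, pre = m.groups()
    patch = patch.lower()
    # Patch letters run a..z and then za, zb, ...: shorter suffix sorts first.
    # Assumption: a -beta/-pre build sorts before the release of the same name.
    return (int(major), int(minor), int(fix), len(patch), patch, 0 if pre else 1)


def assess(banner, fixed=FIXED):
    """Return (status, advertised_version) for one Server header value."""
    m = _TOKEN.search(banner or "")
    if not m:
        return "unknown", None  # nothing advertised: a banner check cannot decide
    seen = m.group(1)
    older = version_key(seen) < version_key(fixed)
    return ("older-than-fixed" if older else "not-flagged"), seen


# Constructed sample Server headers, not taken from any real host.
SAMPLES = [
    "Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2",
    "Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m",
    "Apache/2.2.3 (CentOS) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5",  # may carry backports
    "Apache/2.2.27 (Unix) OpenSSL/0.9.8za",
    "Apache/2.2.14 (Unix) OpenSSL/0.9.8m-beta1",
    "nginx",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        status, seen = assess(banner)
        print("%-17s %-12s %s" % (status, seen or "-", banner))
```

A result of "older-than-fixed" on a distribution package should be confirmed against the vendor's changelog before it is treated as a finding, since the banner does not reflect backported patches.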