This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.
The remote web server has multiple SSL-related vulnerabilities.
According to its banner, the remote web server is running a version
of OpenSSL older than 0.9.8n. Such versions have the following:

- Kerberos-enabled versions of OpenSSL do not check
  the return value when Kerberos configuration files
  cannot be opened, leading to a crash. (CVE-2010-0433)

- Rejecting an SSL/TLS record with an incorrect version
  number can lead to a crash. This only affects version
  0.9.8m if a 'short' is 16 bits. Otherwise, it affects
  all versions back to and including 0.9.8f.
Upgrade to OpenSSL 0.9.8n or later.
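
The banner check described above can be reproduced when triaging Server headers collected from your own hosts. The following is an added example, not the plugin's code; the function names and sample banners are constructed for illustration, and the version ranges are the ones stated in the description.

```python
import re

# OpenSSL versions of this era look like "0.9.8", "0.9.8m" or "0.9.8zh":
# three numeric fields followed by an optional patch-letter suffix.
_VERSION_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)")

FIXED = (0, 9, 8, "n")             # first fixed release named above
RECORD_BUG_FIRST = (0, 9, 8, "f")  # record-version crash: 0.9.8f up to the fix


def parse_openssl_version(banner):
    """Return (major, minor, fix, letters) from a Server banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def assess(banner):
    """Classify a banner against the two issues in the description.

    Tuple comparison orders the patch letters correctly:
    "" < "a" < ... < "n" < ... < "z" < "za" < "zh".
    """
    v = parse_openssl_version(banner)
    if v is None:
        # No OpenSSL token in the banner: nothing can be concluded.
        return {"version": None, "outdated": None, "record_version_crash": None}
    return {
        "version": v,
        # Older than 0.9.8n. The Kerberos issue additionally requires a
        # Kerberos-enabled build, which the banner does not reveal.
        "outdated": v < FIXED,
        # 0.9.8f through 0.9.8m (0.9.8m only where 'short' is 16 bits).
        "record_version_crash": RECORD_BUG_FIRST <= v < FIXED,
    }


if __name__ == "__main__":
    # Constructed sample banners.
    for b in ("Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l",
              "Apache/2.2.3 (Unix) OpenSSL/0.9.8e",
              "Apache/2.2.15 (Unix) OpenSSL/0.9.8n",
              "nginx/1.0.0"):
        print(b, "->", assess(b))
```

A banner match is only an indication: distributions that backport fixes keep the old version string, and servers can suppress or alter the banner, so confirm against the installed package before acting.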
Risk factor : Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 45359
Bugtraq ID: 38533, 39013
CVE ID: CVE-2010-0433, CVE-2010-0740