This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote web server has an SSL-related vulnerability.
According to its banner, the remote web server is running a version
of OpenSSL older than 0.9.8o / 1.0.0a. Such versions have the
following vulnerabilities :
- The mishandling of Cryptographic Message Syntax
structures containing an OriginatorInfo element can
lead to data being written to invalid memory addresses
or memory being freed up twice. (CVE-2010-0742)
- An uninitialized buffer of undefined length is returned
when verification recovery fails for RSA keys. This
allows an attacker to bypass key checks in applications
calling the function EVP_PKEY_verify_recover(). Note
this function is not used by OpenSSL code itself.
Upgrade to OpenSSL 0.9.8o / 1.0.0a or later.
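
The banner-based version check described above, written out as an added example (this is not Tenable's plugin code; the function names and the sample banners are constructed for illustration). It extracts the OpenSSL token from a Server header and compares it against the fixed releases 0.9.8o / 1.0.0a, including the letter-suffix ordering.

```python
import re

# Fixed releases named on the page, keyed by release branch.
FIXED = {(0, 9, 8): "o", (1, 0, 0): "a"}

# OpenSSL product token in a Server header, e.g. "OpenSSL/0.9.8n".
# Only -beta/-pre/-dev suffixes count as pre-releases; "-fips" does not.
TOKEN = re.compile(
    r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|pre|dev)\w*)?", re.I)

# Constructed sample banners (not taken from any real host).
SAMPLE_BANNERS = [
    "Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8n",
    "Apache/2.2.3 (Red Hat) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5",
    "Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0a",
    "nginx/1.4.0",
]


def parse_openssl_version(banner):
    """Return ((major, minor, fix), patch_letters, is_prerelease) or None."""
    m = TOKEN.search(banner)
    if not m:
        return None
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    return branch, m.group(4).lower(), bool(m.group(5))


def is_flagged(banner):
    """True if the banner advertises a version older than 0.9.8o / 1.0.0a.

    Returns None when there is no OpenSSL token, so nothing can be concluded.
    """
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    branch, letters, prerelease = parsed
    if branch < (0, 9, 8):
        return True    # an older branch than 0.9.8 entirely
    if branch not in FIXED:
        return False   # a branch the page does not name (e.g. 1.0.1)
    if prerelease:
        return True    # e.g. 1.0.0-beta5 predates the 1.0.0 release
    # Patch letters sort by length first ("z" < "za"), then alphabetically.
    key = lambda s: (len(s), s)
    return key(letters) < key(FIXED[branch])


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(is_flagged(banner), banner)
```

A match reflects only the advertised version string. Distribution packages that backport fixes without changing the version (the second sample banner is of that style) are still flagged, so confirm against the installed package before treating the finding as real.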
Risk factor : High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 46801
Bugtraq ID: 40502, 40503
CVE ID: CVE-2010-0742, CVE-2010-1633