This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server is affected by multiple SSL-related
According to its banner, the remote web server is running a version
of OpenSSL 1.x prior to 1.0.0e. It is, therefore, affected by the
following vulnerabilities :
- An error exists related to ECDSA signatures and binary
curves. The implementation of curves over binary fields
could allow a remote, unauthenticated attacker to
determine private key material via timing attacks.
- An error exists in the internal certificate verification
process that can allow improper acceptance of a
certificate revocation list (CRL) if the list's
'nextUpdate' field contains a date in the past. Note
that this internal CRL checking is not enabled by
- An error exists in the code for the ephemeral
(EC)DH cipher suites that can allow a remote attacker to
crash the process. (CVE-2011-3210)
See also :
Upgrade to OpenSSL 1.0.0e or later.
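The banner comparison described above ("1.x prior to 1.0.0e"), as an added Python example that is not Tenable's plugin code. It assumes the version appears as an `OpenSSL/<version>` token in the `Server` header, as Apache mod_ssl advertises it; the function names and sample banners are constructed for illustration.

```python
import re

# Three numeric fields, then an optional patch letter ("1.0.0d") or an
# optional pre-release tag ("1.0.0-beta5"). Other suffixes are ignored.
_VERSION_RE = re.compile(
    r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z])?(-(?:beta|pre|dev)\w*)?", re.I)

# 1.0.0e as a sortable key: patch letter 'e' ranks 5 (a=1, b=2, ...).
FIXED_KEY = (1, 0, 0, 5)


def parse_openssl_version(banner):
    """Return a sortable key for the OpenSSL token in a banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(5):        # pre-release sorts before the plain release
        rank = -1
    elif m.group(4):      # patch letter: a=1, b=2, ...
        rank = ord(m.group(4).lower()) - ord("a") + 1
    else:                 # plain release such as 1.0.0
        rank = 0
    return (major, minor, fix, rank)


def banner_is_flagged(banner):
    """True when the banner reports OpenSSL 1.x older than 1.0.0e."""
    key = parse_openssl_version(banner)
    if key is None:
        return False      # no OpenSSL token, so nothing to compare
    return key[0] == 1 and key < FIXED_KEY


# Constructed sample banners (not taken from any real host).
SAMPLES = [
    "Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0d",
    "Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/1.0.0e",
    "Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0-beta5",
    "Server: nginx",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(banner_is_flagged(line), line)
```

A banner-only result says what the server advertises, not what is installed: vendor packages that backport fixes keep the old version string, and a server with the version token suppressed is never flagged.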
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 56162
Bugtraq ID: 47888, 49469, 49471
CVE ID: CVE-2011-1945, CVE-2011-3207, CVE-2011-3210