This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote host may be affected by multiple vulnerabilities.
According to its banner, the remote web server uses an OpenSSL
version prior to 0.9.8u. As such, it is reportedly affected by
the following vulnerabilities :
- An error exists in the function 'mime_hdr_cmp' that
could allow a NULL pointer to be dereferenced when
parsing certain MIME headers. (CVE-2006-7250)
- The fix for CVE-2011-4619 was not complete.
- An error exists in the Cryptographic Message Syntax
(CMS) and PKCS #7 implementation such that data can
be decrypted using Million Message Attack (MMA)
adaptive chosen cipher text attack. (CVE-2012-0884)
- An error exists in the function 'mime_param_cmp' in the
file 'crypto/asn1/asn_mime.c' that can allow a NULL
pointer to be dereferenced when handling certain S/MIME
Note that SSL/TLS applications are not necessarily affected, but
those using CMS, PKCS #7 and S/MIME decryption operations are.
See also :
Upgrade to OpenSSL 0.9.8u or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false