This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote host may be affected by multiple vulnerabilities.
According to its banner, the remote web server is running OpenSSL
version 1.0.0 prior to version 1.0.0h. As such, it reportedly is
affected by the following vulnerabilities :
- An error exists in the function 'mime_hdr_cmp' that
could allow a NULL pointer to be dereferenced when
parsing certain MIME headers. (CVE-2006-7250)
- The fix for CVE-2011-4619 was not complete.
- An error exists in the Cryptographic Message Syntax
(CMS) and PKCS #7 implementation such that data can
be decrypted using Million Message Attack (MMA)
adaptive chosen cipher text attack. (CVE-2012-0884)
- An error exists in the function 'mime_param_cmp' in the
file 'crypto/asn1/asn_mime.c' that can allow a NULL
pointer to be dereferenced when handling certain S/MIME
Note that SSL/TLS applications are not necessarily affected, but those
using CMS, PKCS #7 and S/MIME decryption operations are.
See also :
Upgrade to OpenSSL 1.0.0h or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 58565 ()
Bugtraq ID: 51281521815242852764
CVE ID: CVE-2006-7250CVE-2011-4619CVE-2012-0884CVE-2012-1165
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.