This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote host may be affected by multiple vulnerabilities.
According to its banner, the remote web server is running OpenSSL
version 1.0.0 prior to version 1.0.0h. As such, it reportedly is
affected by the following vulnerabilities :
- An error exists in the function 'mime_hdr_cmp' that
could allow a NULL pointer to be dereferenced when
parsing certain MIME headers. (CVE-2006-7250)
- The fix for CVE-2011-4619 was not complete.
- An error exists in the Cryptographic Message Syntax
(CMS) and PKCS #7 implementation such that data can
be decrypted using Million Message Attack (MMA)
adaptive chosen cipher text attack. (CVE-2012-0884)
- An error exists in the function 'mime_param_cmp' in the
file 'crypto/asn1/asn_mime.c' that can allow a NULL
pointer to be dereferenced when handling certain S/MIME
Note that SSL/TLS applications are not necessarily affected, but those
using CMS, PKCS #7 and S/MIME decryption operations are.
See also :
Upgrade to OpenSSL 1.0.0h or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false