This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote host may be affected by a memory corruption vulnerability.

According to its banner, the remote web server is running a version
of OpenSSL earlier than 0.9.8w. As such, the OpenSSL library itself
is reportedly affected by a memory corruption vulnerability via an
integer truncation error in the function 'asn1_d2i_read_bio' when
reading ASN.1 DER format data.

Applications using the 'BIO' or 'FILE' based functions (i.e.,
'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue.
Also affected are 'S/MIME' or 'CMS' applications using
'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command
line utility is affected if used to handle untrusted DER formatted

Note that the SSL/TLS code of OpenSSL is not affected. Also not
affected are applications using memory-based ASN.1 functions (e.g.,
'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM

Note also that the original fix for CVE-2012-2110 in 0.9.8v was
incomplete because the functions 'BUF_MEM_grow' and
'BUF_MEM_grow_clean', in file 'openssl/crypto/buffer/buffer.c', did
not properly account for negative values of the argument 'len'.
See also :
Upgrade to OpenSSL 0.9.8w or later.
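
The banner comparison described above can be reproduced when triaging this finding. The following is an added example, not Tenable's plugin code; the function names and the sample banners are constructed for illustration.

```python
import re

# Fixed release named on this page: OpenSSL 0.9.8w.
FIXED = (0, 9, 8, "w")

# OpenSSL product token as it appears in an HTTP Server header,
# e.g. "OpenSSL/0.9.8v". These releases use three numbers plus an
# optional letter suffix (a..z, then za, zb, ...).
_TOKEN = re.compile(r"\bOpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, fix, letters), or None if no OpenSSL token."""
    m = _TOKEN.search(banner)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)


def is_flagged(banner):
    """True if the banner advertises a version earlier than 0.9.8w,
    False if it advertises 0.9.8w or later, None if nothing to compare.

    Tuple comparison gives the right order for the letter suffix:
    "" < "a" < ... < "v" < "w" < ... < "z" < "za".
    Other release branches are outside what this page covers, so they are
    only compared against 0.9.8w, exactly as the description states.
    """
    version = parse_openssl_version(banner)
    if version is None:
        return None
    return version < FIXED


if __name__ == "__main__":
    # Constructed sample Server headers.
    samples = [
        "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8v DAV/2",
        "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8w",
        "Apache/2.2.3 (CentOS) OpenSSL/0.9.8e-fips-rhel5",
        "nginx/1.2.0",
    ]
    for banner in samples:
        # A True result is a lead, not proof: vendors that backport fixes
        # keep the old version string, so confirm against the package level.
        print(is_flagged(banner), banner)
```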
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 58799
Bugtraq ID: 53158, 53212
CVE ID: CVE-2012-2110, CVE-2012-2131