This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote host may be affected by multiple vulnerabilities.
According to its banner, the remote web server is running a version
of OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore,
reportedly affected by the following vulnerabilities :
- An error exists related to the handling of OCSP response
verification that could allow denial of service attacks.
- An error exists related to the SSL/TLS/DTLS protocols,
CBC mode encryption and response time. An attacker
could obtain plaintext contents of encrypted traffic via
timing attacks. (CVE-2013-0169)
See also :
Upgrade to OpenSSL 1.0.0k or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 64533 ()
Bugtraq ID: 577555777860268
CVE ID: CVE-2013-0166CVE-2013-0169
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.