This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote host may be affected by multiple vulnerabilities.
According to its banner, the remote web server is running a version
of OpenSSL 1.0.1 prior to 1.0.1d. The OpenSSL library is, therefore,
reportedly affected by the following vulnerabilities :
- An error exists related to AES-NI, TLS 1.1, TLS 1.2 and
the handling of CBC ciphersuites that could allow denial
of service attacks. Note that platforms and versions
that do not support AES-NI, TLS 1.1, or TLS 1.2 are not
- An error exists related to the handling of OCSP response
verification that could allow denial of service attacks.
- An error exists related to the SSL/TLS/DTLS protocols,
CBC mode encryption and response time. An attacker
could obtain plaintext contents of encrypted traffic via
timing attacks. (CVE-2013-0169)
See also :
Upgrade to OpenSSL 1.0.1d or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 64534 ()
Bugtraq ID: 577555777860268
CVE ID: CVE-2012-2686CVE-2013-0166CVE-2013-0169
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.