This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote service may be affected by an information disclosure
According to its banner, the remote web server is running a version of
OpenSSL 1.0.1 prior to 1.0.1e. The OpenSSL library is, therefore,
reportedly affected by an incomplete fix for CVE-2013-0169.
An error exists related to the SSL/TLS/DTLS protocols, CBC mode
encryption and response time. An attacker could obtain plaintext
contents of encrypted traffic via timing attacks.
See also :
Upgrade to OpenSSL 1.0.1e or later.
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.3
Public Exploit Available : false