
OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

Versions of OpenSSL earlier than 0.9.8q and 1.0.0c are potentially affected by multiple vulnerabilities:

- It may be possible to downgrade the cipher suite to a weaker one by modifying the cipher suite stored in the session cache.

- An error exists in the J-PAKE implementation, which could lead to successful validation by someone with no knowledge of the shared secret.

IAVA Reference: 2011-A-0160

IAVB Reference: 2012-B-0038

STIG Finding Severity: Category I

Solution

Upgrade to OpenSSL 0.9.8q, 1.0.0c, or later.
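
A banner-based check for the version ranges named above, added here as an example and not part of the original plugin. The function names and sample banners are constructed for illustration; a banner cannot reveal vendor-backported fixes, so a `True` result means "potentially affected" and should be confirmed against the installed package.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(0, 9, 8): "q", (1, 0, 0): "c"}

_VERSION_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

# Constructed sample banners (not taken from any real host).
SAMPLE_BANNERS = [
    "Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8o DAV/2",
    "OpenSSL 1.0.0c 2 Dec 2010",
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",  # vendor build, may carry backports
    "nginx/1.0.0",                            # no OpenSSL token at all
]


def parse_openssl_version(banner):
    """Return ((major, minor, fix), patch_letters), or None if no version is found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4).lower()


def letter_rank(letters):
    """Order OpenSSL patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def is_potentially_affected(banner):
    """True if earlier than the fixed release, False if not, None if unknown."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    branch, letters = parsed
    if branch in FIXED:
        return letter_rank(letters) < letter_rank(FIXED[branch])
    # Any other branch: anything before 1.0.0 predates both fixed releases.
    return branch < (1, 0, 0)


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(is_potentially_affected(banner), banner)
```
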