OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities

This script is Copyright (C) 2003-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by
multiple vulnerabilities.

Description :

According to its banner, the remote host is using a version
of OpenSSL older than 0.9.6j or 0.9.7b.

This version is vulnerable to a timing-based attack that could
allow an attacker to guess the content of fixed data blocks and
may eventually be able to guess the value of the private RSA key
of the server.

An attacker may use this implementation flaw to sniff the
data going to this host and decrypt some parts of it, as well
as impersonate the server and perform man-in-the-middle attacks.

See also :

Solution :

Upgrade to version 0.9.6j (0.9.7b) or newer.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11267 ()

Bugtraq ID: 6884

CVE ID: CVE-2003-0078

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now