This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
OpenSSL Team reports :
Rob Hulswit has found a flaw in the OpenSSL TLS server extension code
parsing which on affected servers can be exploited in a buffer overrun
Any OpenSSL based TLS server is vulnerable if it is multi-threaded and
uses OpenSSL's internal caching mechanism. Servers that are
multi-process and/or disable internal session caching are NOT
In particular the Apache HTTP server (which never uses OpenSSL
internal caching) and Stunnel (which includes its own workaround) are
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.6