This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote service is affected by multiple vulnerabilities.
According to its banner, the remote web server uses a version of
OpenSSL 1.0.0 prior to 1.0.0n. The OpenSSL library is, therefore,
affected by the following vulnerabilities :
- A memory double-free error exists related to handling DTLS packets that allows denial of service attacks.
- An unspecified error exists related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed.
- A memory leak error exists related to handling specially crafted DTLS packets that allows denial of service attacks. (CVE-2014-3507)
- An error exists related to 'OBJ_obj2txt' and the pretty printing 'X509_name_*' functions which leak stack data, resulting in an information disclosure. (CVE-2014-3508)
- An error exists related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session.
- A NULL pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allow denial of service attacks against clients. (CVE-2014-3510)
Upgrade to OpenSSL 1.0.0n or later.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 77087