This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
shellinabox was updated to version 2.20 to fix the following security
- It was possible to fallback to the HTTP protocol even
when configured for HTTPS. (CVE-2015-8400, boo#957748)
- Disable secure client-initiated renegotiation
- Set SSL options for increased security (disable SSLv2,
- Protection against large HTTP requests
non security fixes :
- Includes some MSIE and iOS rendering fixes
See also :
Update the affected shellinabox packages.
Risk factor :
Medium / CVSS Base Score : 4.3