OpenSSL < 0.9.8m Multiple Vulnerabilities
High Log Correlation Engine Plugin ID 801064
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionAccording to its banner, the remote host is running a version of OpenSSL older than 0.9.8m. Such versions potentially have the following vulnerabilities :
- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555)
- The library does not check for a NULL return value from calls to the bn_wexpand() function, which has unspecified impact. (CVE-2009-3245)
IAVA Reference : 2011-A-0107
IAVB Reference : 2012-B-0038
STIG Finding Severity : Category I
SolutionUpgrade to OpenSSL 0.9.8m or later.