Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
OpenSSL versions earlier than 0.9.8u and 1.0.0h are potentially affected by multiple vulnerabilities:
- A NULL pointer dereference flaw exists in mime_param_cmp. A specially crafted S/MIME input header could cause an application to crash during S/MIME message verification or decryption. (CVE-2012-1165)
- A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding. Note that only users of CMS, PKCS #7, or S/MIME decryption operations are affected.
Solution
Upgrade to OpenSSL 0.9.8u, 1.0.0h, or later.
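
A version check against the fixed releases named above, as an added example (not part of the original advisory or any scanner's code). It assumes the version appears as `OpenSSL/<version>` in an HTTP `Server` banner or as `openssl version` output; the sample strings are constructed. A banner match only means "potentially affected", since distributions may backport fixes without changing the version string.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(0, 9, 8): "u", (1, 0, 0): "h"}

# Matches "OpenSSL/0.9.8t" (HTTP Server banner) and "OpenSSL 1.0.0g ..."
# (`openssl version` output); the patch suffix may be absent or two letters.
VERSION_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![\w.])")


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_letters), or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def patch_rank(letters):
    """Order patch suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def potentially_affected(text):
    """True/False per the advisory's version ranges; None if undeterminable."""
    parsed = parse_openssl_version(text)
    if parsed is None:
        return None
    branch, letters = parsed
    if branch in FIXED:
        return patch_rank(letters) < patch_rank(FIXED[branch])
    # Branches older than 0.9.8 predate the fix; branches after 1.0.0 follow it.
    return branch < (0, 9, 8)


if __name__ == "__main__":
    # Constructed sample banners, for illustration only.
    samples = [
        "Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8t",
        "OpenSSL 1.0.0h 12 Mar 2012",
        "OpenSSL/0.9.8za",
        "nginx/1.0.0",
    ]
    for banner in samples:
        print(f"{banner!r}: potentially affected = {potentially_affected(banner)}")
```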