OpenSSL < 0.9.8za / 1.0.0m / 1.0.1h Integer Underflow Vulnerability

Severity: High | Log Correlation Engine Plugin ID 801938

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The remote host is running a version of OpenSSL that is vulnerable to an integer underflow, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a buffer overflow.

Solution

Upgrade to OpenSSL 0.9.8za, 1.0.0m, 1.0.1h, or later.

See Also

http://openssl.org/news/secadv_20150319.txt

http://ccsinjection.lepidum.co.jp/

https://www.imperialviolet.org/2014/06/05/earlyccs.html

http://www.openssl.org/news/vulnerabilities.html#CVE-2015-0292

Plugin Details

Severity: High

ID: 801938

File Name: 801938.prm

Family: Web Servers

Published: 2015/03/19

Nessus ID: 74363, 73403, 74364

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2015/03/19

Vulnerability Publication Date: 2015/03/19

Reference Information

CVE: CVE-2015-0292

BID: 73228