OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability
Medium Nessus Plugin ID 122504
Synopsis
A service running on the remote host is affected by an information disclosure vulnerability.
Description
According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2r. It is, therefore, affected by an information disclosure vulnerability due to the decipherable way an application responds to a 0-byte record. An unauthenticated, remote attacker could exploit this vulnerability, via a padding oracle attack, to potentially disclose sensitive information.
Note: Only 'non-stitched' ciphersuites are exploitable.
Solution
Upgrade to OpenSSL version 1.0.2r or later.
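
The version test described above ("1.0.x prior to 1.0.2r", judged from the banner) can be reproduced for triage as follows. This is an added example, not the plugin's own code; the function names and sample banners are constructed for illustration.

```python
import re

# Finds the OpenSSL token in a banner: "OpenSSL/1.0.2k-fips", "OpenSSL 1.0.2r", ...
OPENSSL_TOKEN = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

# First fixed release named in the advisory: 1.0.2r.
FIXED_PATCH, FIXED_LETTER = 2, "r"


def letter_key(letters):
    """Order OpenSSL letter suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def parse_openssl_version(banner):
    """Return (major, minor, patch, letters), or None if no OpenSSL token is present."""
    m = OPENSSL_TOKEN.search(banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4).lower()


def is_affected(banner):
    """True/False for a parsed banner, None when the banner shows no OpenSSL version."""
    version = parse_openssl_version(banner)
    if version is None:
        return None
    major, minor, patch, letters = version
    if (major, minor) != (1, 0):
        return False  # outside the 1.0.x branch this advisory covers
    return (patch, letter_key(letters)) < (FIXED_PATCH, letter_key(FIXED_LETTER))


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        "Apache/2.4.29 (Unix) OpenSSL/1.0.2k-fips",
        "OpenSSL 1.0.2r  26 Feb 2019",
        "OpenSSL/1.0.1u",
        "nginx/1.14.0",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

Like any banner-based check, this reads only the advertised version string, so a build carrying a distribution-backported fix under an older version number is still flagged and needs to be confirmed against the vendor's package changelog.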