Synopsis
The remote server is affected by multiple vulnerabilities.
Description
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8l. As such, it may be affected by multiple vulnerabilities :
- A remote attacker could crash the server by sending malformed ASN.1 data. This flaw only affects some architectures, Win64 and other unspecified platforms. (CVE-2009-0789)
- A remote attacker could saturate the server by sending a big number of 'future epoch' DTLS records. (CVE-2009-1377)
- A remote attacker could saturate the server by sending duplicate DTLS records, or DTLS records with too big sequence numbers. (CVE-2009-1378)
- A remote attacker could spoof certificates by computing MD2 hash collisions. (CVE-2009-2409)
Solution
Upgrade to OpenSSL 0.9.8l or later.