OpenSSL 1.0.1 < 1.0.1e Information Disclosure
Low Nessus Plugin ID 64620
Synopsis
The remote service may be affected by an information disclosure vulnerability.
Description
According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1e. The OpenSSL library is, therefore, reportedly affected by an incomplete fix for CVE-2013-0169.
An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks.
Solution
Upgrade to OpenSSL 1.0.1e or later.
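
The banner comparison described above can be reproduced for triage as follows. This is an added example, not the plugin's own code; the `OpenSSL/<version>` banner token and the sample banners are constructed assumptions, and the result reflects only the advertised version string, not whether a vendor has backported the fix.

```python
import re

# Assumption: the server advertises OpenSSL as "OpenSSL/1.0.1c" in its banner.
# Pre-3.0 OpenSSL versions are three numbers plus an optional patch letter
# (1.0.1, 1.0.1a, ... 1.0.1e); suffixes such as "-fips" are ignored.
_OPENSSL_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

AFFECTED_BRANCH = (1, 0, 1)   # the 1.0.1 series named on the page
FIRST_FIXED_LETTER = "e"      # 1.0.1e, from the Solution


def parse_openssl_version(banner):
    """Return (major, minor, fix, letter) from a banner, or None if absent."""
    m = _OPENSSL_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter.lower())


def _letter_key(letter):
    # "" < "a" < ... < "z" < "za" ...: order by length first, then alphabetically.
    return (len(letter), letter)


def is_flagged(banner):
    """True when the banner reports OpenSSL 1.0.1 prior to 1.0.1e."""
    version = parse_openssl_version(banner)
    if version is None or version[:3] != AFFECTED_BRANCH:
        return False
    return _letter_key(version[3]) < _letter_key(FIRST_FIXED_LETTER)


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        "Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1c",
        "Server: Apache/2.4.4 (Unix) OpenSSL/1.0.1e-fips",
        "Server: Apache/2.2.23 (Unix) OpenSSL/1.0.0k",
        "Server: nginx/1.2.6",
    ]
    for banner in samples:
        print(f"{'FLAG' if is_flagged(banner) else 'ok  '}  {banner}")
```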