OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities
Medium Nessus Plugin ID 71857
Synopsis
The remote service may be affected by multiple vulnerabilities.
Description
According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1f. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities:
- An error exists in the 'ssl3_take_mac' function in the file 'ssl/s3_both.c' related to handling TLS handshake traffic that could lead to denial of service attacks.
- An error exists in the 'ssl_get_algorithm2' function in the file 'ssl/s3_lib.c' related to handling TLS 1.2 traffic that could lead to denial of service attacks.
- An error exists related to man-in-the-middle attackers and handling DTLS processes that could lead to various security bypasses. (CVE-2013-6450)
Solution
Upgrade to OpenSSL 1.0.1f or later.