F5 Networks BIG-IP : OpenSSL vulnerability (SOL11533)
Medium Nessus Plugin ID 78126
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer de-reference, related to the minor version number.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL11533.