OpenSSL <= 0.9.8f DoS
Medium Nessus Network Monitor Plugin ID 8663
Synopsis
The remote web server is running an outdated instance of OpenSSL which is prone to a denial of service vulnerability.

Description
According to its banner, the remote host is running a version of OpenSSL older than 0.9.8g. Such versions are prone to a denial of service vulnerability due to an error in the 'hostname' TLS extension. Specifically, the issue affects the 'ssl/ssl_lib.c' source file. An attacker can exploit this issue to cause a memory access violation, potentially crashing the service and denying access to legitimate users.

Solution
Upgrade to OpenSSL 0.9.8g or later.