OpenSSL 1.1.0 < 1.1.0e DoS
High Nessus Network Monitor Plugin ID 9971
Synopsis
The remote web server is running an outdated instance of OpenSSL and is affected by a Denial of Service (DoS) attack vector.
Description
According to its banner, the remote host is running OpenSSL 1.1.0 prior to 1.1.0e. This version is affected by a flaw that is triggered when handling a renegotiation handshake in which the 'Encrypt-Then-Mac' extension is negotiated when it was not in the initial handshake, or vice versa. This may allow a remote attacker to cause OpenSSL to crash.
Solution
Upgrade OpenSSL to version 1.1.0e or higher.
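
The banner check described above can be reproduced when triaging collected Server headers. This is an added example, not the plugin's own code: the function names and sample banners are constructed for illustration, and leaving pre-release builds undetermined is an assumption. A match reflects only what the server advertises, since packages with backported fixes can keep an older version string.

```python
import re

# OpenSSL token in a Server banner, e.g. "OpenSSL/1.1.0d" or "OpenSSL/1.0.2k-fips".
_TOKEN = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(-[A-Za-z0-9]+)?")
_PRERELEASE = ("-pre", "-dev", "-beta")


def parse_openssl(banner):
    """Return ((major, minor, fix), letters, suffix), or None if no token is present."""
    m = _TOKEN.search(banner)
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4], m[5] or ""


def letter_key(letters):
    # Pre-3.0 patch letters run a..z, then za, zb, ...: order by length, then text.
    return (len(letters), letters)


def banner_in_affected_range(banner):
    """True/False when the advertised version is inside/outside 1.1.0 <= v < 1.1.0e.

    None means the banner gives no usable OpenSSL version.
    """
    parsed = parse_openssl(banner)
    if parsed is None:
        return None
    base, letters, suffix = parsed
    if suffix.startswith(_PRERELEASE):
        return None  # assumption: pre-release builds are left for manual review
    if base != (1, 1, 0):
        return False  # other release lines are outside the range this page covers
    return letter_key(letters) < letter_key("e")


# Constructed sample banners (not taken from any real host).
SAMPLE_BANNERS = [
    "Apache/2.4.25 (Unix) OpenSSL/1.1.0d",
    "Apache/2.4.25 (Unix) OpenSSL/1.1.0e",
    "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
    "nginx/1.10.3",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{banner_in_affected_range(b)!s:5}  {b}")
```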