SSL Insecure Protocols

medium Web App Scanning Plugin ID 112494

Language:

Synopsis

Description

The remote server offers insecure SSL protocol version which can lead to vulnerability exploitation.

Solution

Reconfigure the affected application, if possible to avoid the use of insecure SSL protocol versions (SSLv2 and SSLv3).

Plugin Details

Severity: Medium

ID: 112494

Type: remote

Family: SSL/TLS

Published: 10/3/2018

Updated: 11/26/2021

Scan Template: api, basic, config_audit, full, pci, quick, scan, ssl_tls

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Reference Information

CWE: 327

OWASP: 2010-A9, 2013-A6, 2017-A3, 2021-A2

WASC: Insufficient Transport Layer Protection

CAPEC: 20, 459, 473, 475, 608, 614, 97

DISA STIG: APSC-DV-002440

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.10.1.2

NIST: sp800_53-SC-12

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-9.1.2

PCI-DSS: 3.2-6.5.3, 3.2-6.5.4

Detections

Analytics

SSL Insecure Protocols

medium Web App Scanning Plugin ID 112494

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Reference Information