SSL Insecure Protocols

Medium Web Application Scanning Plugin ID 112494

Synopsis

SSL Insecure Protocols

Description

The remote server offers insecure SSL protocol version which can lead to vulnerability exploitation.

Solution

Reconfigure the affected application, if possible to avoid the use of insecure SSL protocol versions (SSLv2 and SSLv3).

Plugin Details

Severity: Medium

ID: 112494

Type: remote

Family: SSL/TLS

Published: 2018/10/03

Updated: 2018/10/03

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference Information

CWE: 327

WASC: Insufficient Transport Layer Protection

OWASP: 2010-A9, 2013-A6, 2017-A3