
OpenSSL <= 0.9.8f DoS

Medium

Synopsis

The remote web server is running an outdated instance of OpenSSL that is prone to a denial of service vulnerability.

Description

According to its banner, the remote host is running a version of OpenSSL older than 0.9.8g. Such versions are prone to a denial of service vulnerability due to an error in the 'hostname' TLS extension. Specifically, the issue affects the 'ssl/ssl_lib.c' source file. An attacker can exploit this issue to cause a memory access violation, potentially crashing the service and denying access to legitimate users.
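The banner comparison described above can be reproduced as follows. This is an added example, not the plugin's own code; the regex, function names and sample banners are assumptions constructed for illustration. It orders OpenSSL's letter-suffixed releases and flags anything older than the fixed version named in the Solution.

```python
import re

# Fixed release named in the advisory's Solution section.
FIXED = "0.9.8g"

# OpenSSL token as it commonly appears in a Server header, e.g. "OpenSSL/0.9.8f".
# Group 5 captures only pre-release tags; build tags such as "-fips" are ignored.
_VERSION_RE = re.compile(
    r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|dev|pre|rc)\w*)?"
)


def version_key(major, minor, patch, letters, pre):
    """Build a tuple that sorts in OpenSSL release order."""
    # Letter suffixes order releases within a patch level:
    # "" < a < b < ... < z < za < zb ...
    letter_rank = sum(ord(c) - ord("a") + 1 for c in letters)
    # A pre-release (-beta1, -dev) sorts before the release it precedes.
    return (int(major), int(minor), int(patch), letter_rank, 0 if pre else 1)


def parse_banner(banner):
    """Return a sortable key for the OpenSSL token in a banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return version_key(*m.groups())


FIXED_KEY = parse_banner("OpenSSL/" + FIXED)


def classify(banner):
    """Return 'flagged' if the banner reports a version older than FIXED."""
    key = parse_banner(banner)
    if key is None:
        return "unknown"  # no OpenSSL token: the banner cannot decide
    return "flagged" if key < FIXED_KEY else "not flagged"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for b in ("Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8f",
              "Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8g",
              "nginx/1.24.0"):
        print(f"{classify(b):12} {b}")
```

A banner only reports the upstream version string, so a vendor build with a backported fix is still flagged and a host that hides its banner comes back as unknown; confirm against the installed package before acting on the result.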

Solution

Upgrade to OpenSSL 0.9.8g or later.