
OpenSSL 1.1.0 < 1.1.0e DoS

High

Synopsis

The remote web server is running an outdated version of OpenSSL that is affected by a denial of service (DoS) vulnerability.

Description

According to its banner, the version of OpenSSL on the remote host is 1.1.0 prior to 1.1.0e and is therefore affected by a flaw (CVE-2017-3733) triggered during a renegotiation handshake in which the Encrypt-Then-Mac extension is negotiated when it was not negotiated in the initial handshake, or vice versa. A remote attacker can exploit this to crash OpenSSL. Note that this check relies solely on the reported version string; a vendor build that has backported the fix without changing its banner will be reported as vulnerable even though it is not.
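The banner-based version test described above, written out as an added example (not the scanner's own plugin code): it extracts an OpenSSL version from either an HTTP Server header or `openssl version` output and flags only the 1.1.0 branch with a patch letter earlier than "e". The sample banners are constructed for illustration.

```python
import re

# Matches an OpenSSL version as it appears in an HTTP Server header
# ("OpenSSL/1.1.0c") or in "openssl version" output ("OpenSSL 1.1.0e  16 Feb 2017").
_VERSION_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, patch, letter) parsed from a banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def is_vulnerable(banner):
    """True if the banner advertises OpenSSL 1.1.0 earlier than 1.1.0e.

    Only the 1.1.0 branch is affected; 1.0.2 and later 1.1.0x releases are not.
    Pre-1.1.1 OpenSSL used a letter suffix for patch releases, so the plain
    "1.1.0" release sorts as "" and is earlier than "a" ... "e".
    """
    v = parse_openssl_version(banner)
    if v is None:
        return False
    major, minor, patch, letter = v
    if (major, minor, patch) != (1, 1, 0):
        return False
    return letter < "e"


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    samples = [
        "Server: Apache/2.4.25 (Unix) OpenSSL/1.1.0c",
        "OpenSSL 1.1.0  25 Aug 2016",
        "OpenSSL 1.1.0e  16 Feb 2017",
        "Server: nginx/1.10.3 OpenSSL/1.0.2k",
        "Server: nginx",
    ]
    for banner in samples:
        verdict = "VULNERABLE" if is_vulnerable(banner) else "not affected"
        print(f"{banner!r}: {verdict}")
```

Because the check only reads the version string, treat a match as a lead to confirm against the vendor's package changelog rather than as proof: distribution builds often carry the 1.1.0e fix under an older version number.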

Solution

Upgrade OpenSSL to version 1.1.0e or later.