VID |
22654 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
According to its banner, the remote web server uses a version of OpenSSL older than 1.0.0p. Such versions may be affected by the following vulnerabilities :
- A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon. (CVE-2014-3569) - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570) - A NULL pointer dereference flaw exists with dtls1_get_record when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572) - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275) - A flaw exists when handling an RSA temporary key in a non-export RSA key exchange ciphersuite. This allows a remote attacker to downgrade the security of the session. (CVE-2015-0204) - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message. This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205) - A memory leak occurs in dtls1_buffer_record when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service. (CVE-2015-0206)
* References: https://www.openssl.org/news/openssl-1.0.0-notes.html https://www.openssl.org/news/secadv_20150108.txt
* Platforms Affected: OpenSSL 1.0.0 before 1.0.0p |
Recommendation |
Upgrade to the latest version of OpenSSL (1.0.0p or later), available from the OpenSSL Web site at http://www.openssl.org/ |
Related URL |
CVE-2014-3569,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206 (CVE) |
Related URL |
71934,71935,71936,71937,71939,71940,71941,71942 (SecurityFocus) |
Related URL |
(ISS) |
|