| VID |
22677 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the remote web server uses a version of OpenSSL which is 1.0.1n or 1.0.1o. Such versions may be affected by a certificate validation bypass vulnerability, due to a flaw in the X509_verify_cert() function in file x509_vfy.c, which occurs when locating alternate certificate chains whenever the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication.
* References:
http://openssl.org/news/secadv_20150709.txt
* Platforms Affected:
OpenSSL 1.0.1n or 1.0.1o |
| Recommendation |
Upgrade to the latest version of OpenSSL (1.0.1p or later), available from the OpenSSL Web site at http://www.openssl.org/ |
| Related URL |
CVE-2015-1793 (CVE) |
| Related URL |
75652 (SecurityFocus) |
| Related URL |
(ISS) |
|
