| VID |
22747 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the remote host is running a version of OpenSSL 1.1.0 prior to 1.1.0a. It is, therefore, affected by the following vulnerabilities :
- A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304)
- A flaw exists in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305)
- A denial of service vulnerability exists in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources. (CVE-2016-6307)
- A denial of service vulnerability exists in the DTLS implementation due to improper handling of excessively long DTLS messages. An unauthenticated, remote attacker can exploit this, via a crafted DTLS message, to exhaust available memory resources. (CVE-2016-6308)
* References:
https://www.openssl.org/news/secadv/20160922.txt
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
* Platforms Affected:
OpenSSL 1.1.0 before 1.1.0a
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of OpenSSL (1.1.0a or later), available from the OpenSSL Web site at http://www.openssl.org/ |
| Related URL |
CVE-2016-6304,CVE-2016-6305,CVE-2016-6307,CVE-2016-6308 (CVE) |
| Related URL |
93149,93150,93151,93152 (SecurityFocus) |
| Related URL |
(ISS) |
|
