| VID |
22823 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2n.
It is, therefore, affected by multiple vulnerabilities that allow potential recovery of private key information or failure to properly encrypt data.
* References:
https://www.openssl.org/news/secadv/20171207.txt
* Platforms Affected:
OpenSSL 1.0.2 before 1.0.2n
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of OpenSSL (1.0.2n or later), available from the OpenSSL Web site at http://www.openssl.org/ |
| Related URL |
CVE-2017-3737,CVE-2017-3738 (CVE) |
| Related URL |
102103,102118 (SecurityFocus) |
| Related URL |
(ISS) |
|
