| VID |
22911 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2r. It is, therefore, affected by an information disclosure vulnerability due to the decipherable way a application responds to a 0 byte record. An unauthenticated, remote attacker could exploit this vulnerability, via a padding oracle attack, to potentially disclose sensitive information.
* References:
https://mta.openssl.org/pipermail/openssl-announce/2019-February/000145.html
* Platforms Affected:
OpenSSL 1.0.x before 1.0.2r
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of OpenSSL (1.0.2r or later), available from the OpenSSL Web site at http://www.openssl.org/ |
| Related URL |
CVE-2019-1559 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
