OpenSSL 3.0 (SSLv3) Information Disclosure Vulnerability
Last Update Date:
16 Dec 2014
Release Date:
16 Oct 2014
5171
Views
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in OpenSSL (SSLv3), which could be exploited by remote attackers to decrypt SSL sessions in certain cases and disclose sensitive information.
Impact
- Information Disclosure
System / Technologies affected
- All servers and clients that implement SSL 3.0.
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- To test if your server is vulnerable, use https://ssltest.com
- To test if your client is vulnerable, use https://www.poodletest.com
- Apply proper configuration in servers and client applications:
http://www.circl.lu/pub/tr-28/
Vulnerability Identifier
Source
Related Link
Share with