OpenSSL Multiple Vulnerabilities

Last Update Date: 2 Mar 2016 14:22 Release Date: 2 Mar 2016 4431 Views

RISK: High Risk

High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were discovered in OpenSSL. A remote user can decrypt TLS sessions in certain cases. Other vulnerabilities could cause denial of service on the target system.

 

TLS sessions could be decrypted by using a server supporting SSLv2. This cross-protocol attack is known as DROWN Attack (CVE-2016-0800). Systems are also affected if they share the same certificate used in a server running SSLv2 protocol.

Impact

  • Denial of Service
  • Information Disclosure

System / Technologies affected

  • Versions prior to 1.0.1s and 1.0.2g

Solutions

  • Upgrade to 1.0.1s or 1.0.2g
  • Server operators should also disable the SSLv2 protocol.
  • An online checking tool is available for examining the DROWN attack vulnerability. Users simply enters a domain or IP and it will tell you whether the server is vulnerable:
    https://drownattack.com/#check

    Not Vulnerable


    Vulnerable

 

Vulnerability Identifier

Source

Related Link

Share with

Previous

avast! Products Heap Overflow Vulnerability

25 Feb 2016 3932 Views

Next

Cisco Products Multiple Vulnerabilities

3 Mar 2016 3906 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY