Home Features FAQ Pricing About Us Contact Us Web Site Monitoring: Website Monitor & Server Monitoring
Web Server Monitoring
Login

E-mail:

Password:



Secure Login
Lost Password

See Also
FREE TRIAL!
Spot Check URL
Articles
Link to Us
Demo Account
ASL Reference


Security Check Details

OpenSSL < 0.9.8m Multiple Vulnerabilities
Synopsis :

The remote web server has multiple SSL-related vulnerabilities.

Description :

According to its banner, the remote web server uses a version of
OpenSSL older than 0.9.8m. Such versions have the following
vulnerabilities :

- Session renegotiations are not handled properly, which could
be exploited to insert arbitrary plaintext by a
man-in-the-middle. (CVE-2009-3555)

- The library does not check for a NULL return value from calls
to the bn_wexpand() function, which has unspecified impact.
(CVE-2009-3245)

See also :

http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest
http://marc.info/?l=openssl-announce&m=126714485629486&w=2

Solution :

Upgrade to OpenSSL 0.9.8m or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)


More at Nessus.org



 Device Status

Not logged in.

What's This?

Web Site Monitoring · Security Scan · Features · FAQ · Pricing · About Us · Contact Us · Site Map

Copyright © 2000-2010 Alertra, Inc. All rights reserved. Please read our privacy statement and our terms of service.