Summary
OpenSSL is prone to a remote memory-corruption vulnerability.
According to its banner, OVS has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable
An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library.
Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of- service condition.
Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-0742 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities