OpenSSL 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption Vulnerability Network Vulnerability

Summary

OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, OVS has discovered that the remote Webserver is using version 1.0.0a of OpenSSL which is vulnerable. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in a denial-of-service condition. The issue affects OpenSSL 1.0.0a other versions may also be affected.

References

http://seclists.org/fulldisclosure/2010/Aug/84
http://www.openssl.org
https://www.securityfocus.com/bid/42306

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2939

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari 'SRC' Remote Denial Of Service Vulnerability
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
Apple Safari 'background' Remote Denial Of Service Vulnerability
Apple Safari Webkit Multiple Vulnerabilities - March 2011
Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)

Take action and discover your vulnerabilities