Summary
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
According to its banner, OVS has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 0.9.8f through 0.9.8m are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-0740 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
- Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)
- Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
- Denial of Service (DoS) in Microsoft SMS Client