Description

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

Remediation

References

CVE-2011-4108

Related Vulnerabilities

WordPress Plugin WordPress Landing Pages Cross-Site Scripting (2.2.4)

WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.6.11)

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.9)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (4.0.8)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Multiple Vulnerabilities (1.5.2)

Severity

Medium

Classification

CVE-2011-4108

Tags

Missing Update Known Vulnerabilities