Description
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
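The check ordering described above, next to an ordering that computes the MAC regardless of the padding result (the approach RFC 4346 recommends for CBC records). This is an added example and not OpenSSL's code; it works on already-decrypted record bytes, and the function names, HMAC-SHA256 and the 16-byte block size are assumptions of the sketch.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA256 tag size (constructed choice for this sketch)

def _mac(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

def build_record(key, payload, block=16):
    """Constructed sample: payload || MAC || TLS-style padding (n+1 bytes of value n)."""
    body = payload + _mac(key, payload)
    n = (block - (len(body) + 1) % block) % block
    return body + bytes([n]) * (n + 1)

def _padding_ok(pt):
    n = pt[-1]
    return n + 1 + MAC_LEN <= len(pt) and pt[-(n + 1):] == bytes([n]) * (n + 1)

def verify_leaky(key, pt):
    """MAC is checked only when padding is valid. Returns (accepted, mac_computed)."""
    if len(pt) <= MAC_LEN or not _padding_ok(pt):
        return (False, False)  # early exit: observably cheaper than a MAC failure
    body = pt[:-(pt[-1] + 1)]
    return (hmac.compare_digest(body[-MAC_LEN:], _mac(key, body[:-MAC_LEN])), True)

def verify_uniform(key, pt):
    """MAC is always computed; bad padding is treated as zero-length padding."""
    if len(pt) <= MAC_LEN:
        return (False, False)  # too short to hold a MAC at all
    pad_ok = _padding_ok(pt)
    n = pt[-1] if pad_ok else 0
    body = pt[:-(n + 1)]
    mac_ok = hmac.compare_digest(body[-MAC_LEN:], _mac(key, body[:-MAC_LEN]))
    return (pad_ok and mac_ok, True)  # one failure outcome for both causes
```

The second element of each result shows whether the MAC work was done: in `verify_leaky` it differs between a padding failure and a MAC failure, which is the distinguishable behaviour the description refers to.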
Remediation
References