Description
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Remediation
References
Related Vulnerabilities
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399)
PHP Other Vulnerability (CVE-2015-2301)
WordPress Plugin BizLibrary Cross-Site Scripting (1.1)
WordPress Plugin WP Activity Log Security Bypass (3.3.1.1)
WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.0.0)