Description

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

Remediation

References

CVE-2011-5095

Related Vulnerabilities

WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.0.2)

Magento CVE-2019-8150 Vulnerability (CVE-2019-8150)

Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0300)

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)

Severity

Medium

Classification

CVE-2011-5095

Tags

Missing Update Known Vulnerabilities