Description
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Remediation
References
Related Vulnerabilities
Serendipity Other Vulnerability (CVE-2005-3129)
WordPress Improper Input Validation Vulnerability (CVE-2020-28037)
OpenSSL Resource Management Errors Vulnerability (CVE-2012-1165)
Dolibarr Missing Authorization Vulnerability (CVE-2023-4198)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)