Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4293)
MySQL CVE-2021-2166 Vulnerability (CVE-2021-2166)
Jenkins Improper Certificate Validation Vulnerability (CVE-2017-1000396)
Oracle Database Server CVE-2015-4923 Vulnerability (CVE-2015-4923)
WordPress Plugin AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3)