Description

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Remediation

References

CVE-2008-1672

Related Vulnerabilities

Drupal Core 6.x Security Bypass (6.0 - 6.35)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4133)

Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.1)

WordPress Plugin WordPress Facebook SQL Injection (1.0.13)

Severity

Medium

Classification

CVE-2008-1672 CWE-476

Tags

Missing Update Known Vulnerabilities