Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability

Information

Severity

Severity

High

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

12 years ago

Modified

Modified

3 years ago

Summary

OpenSSL is prone to a remote memory-corruption vulnerability.

Insight

Insight

An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library.

Affected Software

Affected Software

Versions of OpenSSL 0.9.8.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x.

Detection Method

Detection Method

According to its banner the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable.

Solution

Solution

Updates are available. Please see the references for more information.

Common Vulnerabilities and Exposures (CVE)