Soluciones para vulnerabilidades

La exploración de vulnerabilidades periódica de Nimsoft Cloud Monitor busca la vulnerabilidad siguiente. Para ver las soluciones añadidas más recientemente que Nimsoft Cloud Monitor explora, visite Soluciones para vulnerabilidades.

Categoría: Web Servers Factor de riesgo: Critical Añadido: 12 mar 2010
Synopsis:

The remote web server has multiple SSL-related vulnerabilities.

Description:

According to its banner, the remote web server uses a version of OpenSSL older than 0.9.8m. Such versions have the following vulnerabilities :

- Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555)

- The library does not check for a NULL return value from calls to the bn_wexpand() function, which has unspecified impact. (CVE-2009-3245)

See also:

http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest
http://marc.info/?l=openssl-announce&m=126714485629486&w=2

Solution:

Upgrade to OpenSSL 0.9.8m or later.

Risk factor:

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)