Test ID:	1.3.6.1.4.1.25623.1.0.112966
Category:	General
Title:	OpenSSL: Invalid TLS/DTLS Record Attack (20120510) - Windows
Summary:	OpenSSL is prone to a buffer underflow vulnerability.
Description:	Summary: OpenSSL is prone to a buffer underflow vulnerability. Vulnerability Insight: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers, or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. Affected Software/OS: OpenSSL 0.9.8 through 0.9.8w, 1.0.0 through 1.0.0i and 1.0.1 through 1.0.1b. Solution: Update to version 0.9.8x, 1.0.0j, 1.0.1c or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2333 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html BugTraq ID: 53476 http://www.securityfocus.com/bid/53476 CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2475 (Google Search) http://www.debian.org/security/2012/dsa-2475 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html HPdes Security Advisory: HPSBOV02852 http://marc.info/?l=bugtraq&m=136432043316835&w=2 HPdes Security Advisory: HPSBUX02814 http://marc.info/?l=bugtraq&m=134919053717161&w=2 HPdes Security Advisory: SSRT100930 HPdes Security Advisory: SSRT101108 http://www.mandriva.com/security/advisories?name=MDVSA-2012:073 http://www.cert.fi/en/reports/2012/vulnerability641549.html RedHat Security Advisories: RHSA-2012:0699 http://rhn.redhat.com/errata/RHSA-2012-0699.html RedHat Security Advisories: RHSA-2012:1306 http://rhn.redhat.com/errata/RHSA-2012-1306.html RedHat Security Advisories: RHSA-2012:1307 http://rhn.redhat.com/errata/RHSA-2012-1307.html RedHat Security Advisories: RHSA-2012:1308 http://rhn.redhat.com/errata/RHSA-2012-1308.html http://www.securitytracker.com/id?1027057 http://secunia.com/advisories/49116 http://secunia.com/advisories/49208 http://secunia.com/advisories/49324 http://secunia.com/advisories/50768 http://secunia.com/advisories/51312 SuSE Security Announcement: SUSE-SU-2012:0678 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html SuSE Security Announcement: SUSE-SU-2012:0679 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html XForce ISS Database: openssl-tls-record-dos(75525) https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.