Denial of Service : OpenSSL: OCSP Stapling Vulnerability (20110208)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.112952

Categoría: Denial of Service

Título: OpenSSL: OCSP Stapling Vulnerability (20110208) - Windows

Resumen: OpenSSL is prone to an OCSP stapling vulnerability.

Descripción: Summary:
OpenSSL is prone to an OCSP stapling vulnerability.

Vulnerability Insight:
Incorrectly formatted ClientHello handshake messages could
cause OpenSSL to parse past the end of the message.

Affected Software/OS:
OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c.

Solution:
Update to version 0.9.8r, 1.0.0d or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0014
1025050
http://www.securitytracker.com/id?1025050
43227
http://secunia.com/advisories/43227
43286
http://secunia.com/advisories/43286
43301
http://secunia.com/advisories/43301
43339
http://secunia.com/advisories/43339
44269
http://secunia.com/advisories/44269
46264
http://www.securityfocus.com/bid/46264
57353
http://secunia.com/advisories/57353
70847
http://osvdb.org/70847
ADV-2011-0361
http://www.vupen.com/english/advisories/2011/0361
ADV-2011-0387
http://www.vupen.com/english/advisories/2011/0387
ADV-2011-0389
http://www.vupen.com/english/advisories/2011/0389
ADV-2011-0395
http://www.vupen.com/english/advisories/2011/0395
ADV-2011-0399
http://www.vupen.com/english/advisories/2011/0399
ADV-2011-0603
http://www.vupen.com/english/advisories/2011/0603
APPLE-SA-2011-06-23-1
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
DSA-2162
http://www.debian.org/security/2011/dsa-2162
FEDORA-2011-1273
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html
HPSBMA02658
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HPSBUX02689
http://marc.info/?l=bugtraq&m=131042179515633&w=2
MDVSA-2011:028
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028
NetBSD-SA2011-002
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc
RHSA-2011:0677
http://www.redhat.com/support/errata/RHSA-2011-0677.html
SSA:2011-041-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823
SSRT100413
SSRT100475
SSRT100494
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1064-1
http://www.ubuntu.com/usn/USN-1064-1
http://support.apple.com/kb/HT4723
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.openssl.org/news/secadv_20110208.txt
https://support.f5.com/csp/article/K10534046
oval:org.mitre.oval:def:18985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.112952
Categoría:	Denial of Service
Título:	OpenSSL: OCSP Stapling Vulnerability (20110208) - Windows
Resumen:	OpenSSL is prone to an OCSP stapling vulnerability.
Descripción:	Summary: OpenSSL is prone to an OCSP stapling vulnerability. Vulnerability Insight: Incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. Affected Software/OS: OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c. Solution: Update to version 0.9.8r, 1.0.0d or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0014 1025050 http://www.securitytracker.com/id?1025050 43227 http://secunia.com/advisories/43227 43286 http://secunia.com/advisories/43286 43301 http://secunia.com/advisories/43301 43339 http://secunia.com/advisories/43339 44269 http://secunia.com/advisories/44269 46264 http://www.securityfocus.com/bid/46264 57353 http://secunia.com/advisories/57353 70847 http://osvdb.org/70847 ADV-2011-0361 http://www.vupen.com/english/advisories/2011/0361 ADV-2011-0387 http://www.vupen.com/english/advisories/2011/0387 ADV-2011-0389 http://www.vupen.com/english/advisories/2011/0389 ADV-2011-0395 http://www.vupen.com/english/advisories/2011/0395 ADV-2011-0399 http://www.vupen.com/english/advisories/2011/0399 ADV-2011-0603 http://www.vupen.com/english/advisories/2011/0603 APPLE-SA-2011-06-23-1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html DSA-2162 http://www.debian.org/security/2011/dsa-2162 FEDORA-2011-1273 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html HPSBMA02658 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HPSBOV02670 http://marc.info/?l=bugtraq&m=130497251507577&w=2 HPSBUX02689 http://marc.info/?l=bugtraq&m=131042179515633&w=2 MDVSA-2011:028 http://www.mandriva.com/security/advisories?name=MDVSA-2011:028 NetBSD-SA2011-002 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc RHSA-2011:0677 http://www.redhat.com/support/errata/RHSA-2011-0677.html SSA:2011-041-04 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 SSRT100413 SSRT100475 SSRT100494 SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1064-1 http://www.ubuntu.com/usn/USN-1064-1 http://support.apple.com/kb/HT4723 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.openssl.org/news/secadv_20110208.txt https://support.f5.com/csp/article/K10534046 oval:org.mitre.oval:def:18985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985
Copyright	Copyright (C) 2021 Greenbone Networks GmbH