Test ID:	1.3.6.1.4.1.25623.1.0.107080
Category:	General
Title:	OpenSSL Multiple Vulnerabilities (Nov 2016) - Windows
Summary:	OpenSSL is prone to multiple vulnerabilities.
Description:	Summary: OpenSSL is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: 1. TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. 2. Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial of service. Affected Software/OS: OpenSSL 1.1.0 versions prior to 1.1.0c Solution: OpenSSL 1.1.0 users should upgrade to 1.1.0c. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7054 BugTraq ID: 94238 http://www.securityfocus.com/bid/94238 https://www.exploit-db.com/exploits/40899/ http://www.securitytracker.com/id/1037261 Common Vulnerability Exposure (CVE) ID: CVE-2016-7053 BugTraq ID: 94244 http://www.securityfocus.com/bid/94244
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.