Download
| Alert*
|
oval:org.secpod.oval:def:78642
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:69230 The host is installed with OpenSSL 1.0.2s through 1.0.2x and is prone to an incorrect SSLv2 rollback protection vulnerability. A flaw is present in the application, which fails to correctly handle the padding check logic implemented in a server that supports greater than SSLv2. On successful exploit ... oval:org.secpod.oval:def:2106578 Oracle Solaris 11 - ( CVE-2021-23840 ) oval:org.secpod.oval:def:1700549 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than ... |
