The host is installed with OpenSSL before 0.9.8u or 1.x before 1.0.0h and is prone to a security bypass vulnerability. A flaw is present in the Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL, which does not properly handle Million Message Attack (MMA) adaptive chosen ciphertext attack. Successful exploitation allows context-dependent attackers to decrypt data.