Lucene search

K
f5F5F5:K14261
HistoryApr 03, 2014 - 12:00 a.m.

K14261 : OpenSSL OCSP vulnerability CVE-2013-0166

2014-04-0300:00:00
my.f5.com
15

7.5 High

AI Score

Confidence

High

Security Advisory Description

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for Online Certificate Status Protocol (OCSP) responses, which allow remote attackers to cause a denial-of-service (DoS) (NULL pointer dereference and application crash) by way of an invalid key.

Impact

Attackers may be able to cause a DoS by using an invalid key in OCSP responses.