11 matches found
OpenSSL 0.9.7 < 0.9.7h Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option,...
K61903372: OpenSSL vulnerability CVE-2021-23839
Security Advisory Description OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support...
Amazon Linux 2 : openssl11 (ALAS-2021-1612)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1612 advisory. Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases...
OpenSSL 1.0.2 < 1.0.2y Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2y. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2y advisory. - The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial numb...
CVE-2021-23839
A flaw was found in openssl. OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. However since there is...
Authorization Bypass
openssl is vulnerable to authorization bypass. The vulnerability exists when a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients...
OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Windows
OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability.
Design/Logic Flaw
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
CVE-2021-23839
CVE-2021-23839 describes a padding-check logic error in OpenSSL 1.0.2 (affecting 1.0.2s–1.0.2x) where RSA_padding_check_SSLv23() mis-handles SSLv2 rollback protection. The bug causes a server configured for SSLv2 in combination with newer TLS versions to accept connections when a version-rollback...
CVE-2021-23839
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
Vulnerability in OpenSSL - Incorrect SSLv2 rollback protection
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...