6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
OpenSSL is vulnerable to denial of service (DoS) attacks and possibly other attacks. These attacks are possible because there is an integer underflow when TLS 1.1, TLS 1.2 or DTLS is used with CBC encryption.
cvs.openssl.org/chngview?cn=22538
cvs.openssl.org/chngview?cn=22547
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
marc.info/?l=bugtraq&m=134919053717161&w=2
marc.info/?l=bugtraq&m=136432043316835&w=2
rhn.redhat.com/errata/RHSA-2012-0699.html
rhn.redhat.com/errata/RHSA-2012-1306.html
rhn.redhat.com/errata/RHSA-2012-1307.html
rhn.redhat.com/errata/RHSA-2012-1308.html
secunia.com/advisories/49116
secunia.com/advisories/49208
secunia.com/advisories/49324
secunia.com/advisories/50768
secunia.com/advisories/51312
support.apple.com/kb/HT5784
www.cert.fi/en/reports/2012/vulnerability641549.html
www.debian.org/security/2012/dsa-2475
www.kb.cert.org/vuls/id/737740
www.mandriva.com/security/advisories?name=MDVSA-2012:073
www.openssl.org/news/secadv_20120510.txt
www.securityfocus.com/bid/53476
www.securitytracker.com/id?1027057
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=820686
exchange.xforce.ibmcloud.com/vulnerabilities/75525
rhn.redhat.com/errata/RHSA-2012-0426.html
rhn.redhat.com/errata/RHSA-2012-0699.html