A flaw has been found in the OpenSSL TLS server extension affecting OpenSSL 0.9.8f through 0.9.8o, 1.0.0 and 1.0.0a. This vulnerability has been assigned CVE-2010-3864 The following applications are affected by this vulnerability: "Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are NOT affected. In particular the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected." [1] [1] http://openssl.org/news/secadv_20101116.txt ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org |
Guy 523 Posts ISC Handler Nov 16th 2010 |
Thread locked Subscribe |
Nov 16th 2010 1 decade ago |
I think the CVE Article is actually CVE-2010-3864...can you confirm?
|
Anonymous |
Quote |
Nov 16th 2010 1 decade ago |
Correct CVE-2010-3864
|
Guy 523 Posts ISC Handler |
Quote |
Nov 16th 2010 1 decade ago |
I think the CVE Article is actually CVE-2010-3864...can you confirm?
|
Guy 3 Posts |
Quote |
Nov 16th 2010 1 decade ago |
Excellent, thanks!
|
Guy 3 Posts |
Quote |
Nov 16th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!