OpenSSL.Omit.Key.Exchange.DoS
Description
This indicates an attempt to exploit a denial-of-service vulnerability in OpenSSL.
There is a NULL pointer dereference error in the OpenSSL client, which is triggered when a malicious server omits the 'Server Key exchange message' from a TLS handshake.
Affected Products
OpenSSL 0.9.8f and 0.9.8g.
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Update to version 0.9.8h.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |