OpenSSL.Handshake.Error.State.Security.Bypass
Description
This indicates an attack attempt against a Security Bypass vulnerability in the OpenSSL library.
The vulnerability is caused by an error in SSL_read() and SSL_Write() function when handling fatal ssl handshake errors. A remote attacker can exploit this to gain data that is not encrypted, from vulnerable systems.
Affected Products
OpenSSL 1.0.2m and the prior
Impact
Security Bypass: Remote attackers can bypass security checking of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv/20171207.txt
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |