|
|||
Rule General Information |
---|
Release Date: | 2017-06-20 | |
Rule Name: | PROTOCOL-SSL Openssl Encrypt-then-mac Renegotiation Denial of Service Vulnerability (CVE-2017-3733) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | |
Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
Affected OS: | Solaris, Other Unix, FreeBSD, Linux | |
Reference: | SecurityFocusBID:96269 SecurityTrackerID:1037846 |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: https://www.openssl.org/news/secadv/20170216.txt |