|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-06-20 | |
| Rule Name: | PROTOCOL-SSL Openssl Encrypt-then-mac Renegotiation Denial of Service Vulnerability (CVE-2017-3733) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | SecurityFocusBID:96269 SecurityTrackerID:1037846 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: https://www.openssl.org/news/secadv/20170216.txt |