Description

The remote service encrypts traffic using SSL 2.0, an insecure and deprecated protocol with widely known weaknesses.

Remediation

Disable SSL 2.0 and use TLS 1.2 (or higher) instead.

References

Original Advisory

Related Vulnerabilities

Code Execution via WebDav

Oracle E-Business Suite iStore open user registration

Yii debug mode enabled

Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28

Nginx PHP code execution via FastCGI

Severity

High

Classification

CWE-326 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto