Description

The remote service encrypts traffic using SSL 2.0, an insecure and deprecated protocol with widely known weaknesses.

Remediation

Disable SSL 2.0 and use TLS 1.2 (or higher) instead.

References

Original Advisory

Related Vulnerabilities

Insecure Transportation Security Protocol Supported (TLS 1.1)

GraphiQL Explorer/Playground Enabled

GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability

Memcached Unauthorized Access Vulnerability

Laravel Horizon open

Severity

High

Classification

CWE-326 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Crypto