Description

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Remediation

References

CVE-2011-4576

Related Vulnerabilities

Drupal Core 5.x Arbitrary Code Execution (5.0)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4299)

Jboss EAP 7PK - Security Features Vulnerability (CVE-2015-5178)

Ruby Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2017-17742)

OpenSSL Cryptographic Issues Vulnerability (CVE-2006-4339)

Severity

Medium

Classification

CVE-2011-4576

Tags

Missing Update Known Vulnerabilities