Description
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin Global Content Blocks 'gcb_export.php' SQL Injection (1.2)
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43767)
Java Unspesificed Vulnerability (CVE-2018-3157)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2190)
WordPress Plugin Automatic Online Backup 'url' Parameter Cross-Site Scripting (0.8.2)