Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
Remediation
References