Description
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
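The kind of check the description says was missing can be illustrated with the peer public-key validation from NIST SP 800-56A, which applies when the subgroup order q is known, as it is for X9.42-style parameters. This is an added example, not OpenSSL's code: the function name, the result enum and the toy parameters (p = 67, q = 11, g = 64) are constructed for illustration.

```python
from enum import Enum


class KeyCheck(Enum):
    OK = "ok"
    OUT_OF_RANGE = "public key not in [2, p-2]"
    WRONG_SUBGROUP = "public key is not in the order-q subgroup"
    NO_SUBGROUP_ORDER = "q unknown: subgroup membership cannot be verified"


def check_peer_public_key(p, y, q=None):
    """Validate a peer's DH public value y against modulus p and subgroup order q.

    Hypothetical helper following the SP 800-56A full public-key validation.
    """
    # Range check: rejects 0, 1 and p-1, whose subgroups are trivial.
    if not 2 <= y <= p - 2:
        return KeyCheck.OUT_OF_RANGE
    # Without q there is nothing to test membership against; report it
    # so the caller can decide (for example, insist on a safe prime).
    if q is None:
        return KeyCheck.NO_SUBGROUP_ORDER
    # Membership check: y lies in the order-q subgroup iff y^q == 1 (mod p).
    # When (p-1)/q has small factors, values that pass the range check can
    # still sit in a small subgroup; this is the case the range check misses.
    if pow(y, q, p) != 1:
        return KeyCheck.WRONG_SUBGROUP
    return KeyCheck.OK


# Constructed toy parameters: p - 1 = 66 = 2 * 3 * 11, so p is not a safe
# prime and the group has a subgroup of order 3 besides the intended order 11.
P, Q, G = 67, 11, 64


def demo():
    honest = pow(G, 5, P)   # a value actually generated from g
    stray = 37              # constructed value of order 3 modulo 67
    return {
        "honest": check_peer_public_key(P, honest, Q),
        "stray": check_peer_public_key(P, stray, Q),
        "p_minus_1": check_peer_public_key(P, P - 1, Q),
        "stray_without_q": check_peer_public_key(P, stray),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result.value}")
```
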
Remediation
References