WEB APPLICATION VULNERABILITIES Standard & Premium

SSL 3.0 deprecated protocol

Description

The remote service encrypts traffic using SSL 3.0, an insecure and deprecated protocol with widely known weaknesses.

Remediation

Disable SSL 3.0 and use TLS 1.2 (or higher) instead.

References

How to disable SSLv3

Related Vulnerabilities

Web Cache Poisoning

The FREAK attack

Symfony web debug toolbar

ASP.NET WCF metadata enabled for behavior

ASP.NET viewstate encryption disabled

Severity

High

Classification

CWE-326 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Tags

Configuration