Описание
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
Отчет
OpenSSL, as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, is not affected by this flaw because newer versions of OpenSSL that have already been patched are shipped. This vulnerability was originally published over 20 years ago. It affects OpenSSL versions < 0.92b, which are not shipped in Red Hat products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | openssl | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | ||
| Red Hat Enterprise Linux 7 | openssl | Not affected | ||
| Red Hat Enterprise Linux 7 | openssl098e | Not affected | ||
| Red Hat Enterprise Linux 7 | ovmf | Not affected | ||
| Red Hat Enterprise Linux 8 | compat-openssl10 | Not affected | ||
| Red Hat Enterprise Linux 8 | mingw-openssl | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=1891836openssl: allow remote attackers to reuse SSL sessions and bypass access controls
EPSS
Процентиль: 34%
0.00136
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
nvd
больше 26 лет назад
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
github
больше 3 лет назад
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
EPSS
Процентиль: 34%
0.00136
Низкий
6.5 Medium
CVSS3