OpenSSL is a widely used cryptographic library. This vulnerability allows attackers to execute arbitrary code on your server by exploiting weaknesses in the way it handles certain types of encrypted data.
You're affected if you use OpenSSL versions 1.0.2h and earlier, or 1.1.x before 1.1.1k. Check with:
    openssl s_client -connect www.example.com:443 -tls1_2 2>&1 | grep 'SSLv3' 2>/dev/null
Note: This CVE is not specific to a particular application, but rather a general vulnerability in the OpenSSL library.
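Because the issue is in the library rather than in one application, the version of the installed library is what matters. The script below is an added example, not part of the original advisory: it compares a version string against the ranges stated above, and the function names `openssl_ver_key` and `openssl_is_affected` and the sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page): classify an OpenSSL version string
# against the ranges stated above: 1.0.2h and earlier, or 1.1.x before 1.1.1k.

# Print a comparable integer for e.g. "1.1.1k": three-digit fields for the
# numeric parts plus a patch-letter rank (none=0, a=1, ... k=11).
openssl_ver_key() {
    v=${1%%[!0-9a-z.]*}               # drop suffixes such as "-fips"
    nums=${v%%[a-z]*}                 # "1.1.1"
    letters=${v#"$nums"}              # "k" (may be empty)
    case $nums in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    case $letters in *[!a-z]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    rank=0
    while [ -n "$letters" ]; do
        c=${letters%"${letters#?}"}   # first character
        letters=${letters#?}
        rank=$((rank + $(printf '%d' "'$c") - 96))
    done
    echo $(( (($1 * 1000 + $2) * 1000 + $3) * 100 + rank ))
}

# Exit status: 0 = inside the stated ranges, 1 = outside, 2 = unparseable.
openssl_is_affected() {
    key=$(openssl_ver_key "$1") || return 2
    if [ "$key" -le "$(openssl_ver_key 1.0.2h)" ]; then return 0; fi
    if [ "$key" -ge "$(openssl_ver_key 1.1.0)" ] &&
       [ "$key" -lt "$(openssl_ver_key 1.1.1k)" ]; then return 0; fi
    return 1
}

# Constructed sample versions, then the local binary if one is installed.
# `openssl version` prints e.g. "OpenSSL 1.1.1k  25 Mar 2021".
local_ver=$(openssl version 2>/dev/null | awk '{print $2}') || local_ver=
for ver in 1.0.2h 1.0.2u 1.1.0l 1.1.1j 1.1.1k 3.0.13 $local_ver; do
    if openssl_is_affected "$ver"; then
        echo "$ver: inside the affected ranges"
    else
        echo "$ver: outside the affected ranges (or unparseable)"
    fi
done
```

Distribution packages often backport fixes without changing the upstream version string, so confirm a match against the vendor's package advisory before treating a host as vulnerable.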
Upgrade to OpenSSL 1.1.1k or later.
If you can't upgrade immediately:
- Enable TLS 1.2 and disable SSLv3 (openssl s_client -connect www.example.com:443 -tls1_2 -ssl3 2>&1 | grep 'SSLv3' 2>/dev/null)
- Remove any deprecated OpenSSL configurations.