A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | openssl | 2016-03-10 16:30 | ALAS-2016-661 |
Amazon Linux 1 | openssl098e | 2016-04-06 14:40 | ALAS-2016-682 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |