Security Bulletin: SSL TLS & DTLS Plaintext Recovery Attack
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtmedium psirttivoli
0 Comments | 1,166 Visits
A weakness in the handling of CBC cipher suites in SSL, TLS and DTLS can enable an attacker to exploit timing differences arising during MAC processing that may lead to a DoS attack. All versions of OpenSSL are affected including 1.0.1c, 1.0.0j & 0.9.8x
AFFECTED PRODUCTS AND VERSIONS:
Refer to the following reference URLs for remediation and additional vulnerability details.