The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1115 advisory.

    - improved fix for CVE-2015-1791
    - add missing parts of CVE-2015-0209 fix for corectness although unexploitable
    - fix CVE-2014-8176 - invalid free in DTLS buffering code
    - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
    - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
    - fix CVE-2015-1791 - race condition handling NewSessionTicket
    - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)

high Nessus Plugin ID 84202

Version 2.22

Version 2.21

Version 2.22 Nov 1, 2024, 11:44 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202411012344
Version 2.21 Oct 22, 2024, 9:14 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (set to "CVE-2014-8176") CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (set to "CVE-2015-1789") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410222114