SSL Insecure Protocols

medium Web App Scanning Plugin ID 112494

Synopsis

SSL Insecure Protocols

Description

The remote server offers insecure SSL protocol version which can lead to vulnerability exploitation.

Solution

Reconfigure the affected application, if possible to avoid the use of insecure SSL protocol versions (SSLv2 and SSLv3).

See Also

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Plugin Details

Severity: Medium

ID: 112494

Type: remote

Family: SSL/TLS

Published: 10/3/2018

Updated: 11/26/2021

Scan Template: api, basic, config_audit, full, pci, quick, scan, ssl_tls

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information