OpenSSL closes vulnerability that allows denial of service attack


OpenSSL has released patches for a vulnerability that can be exploited to mount a denial of service attack against vulnerable servers. The severity of the vulnerability is rated ‘high’. OpenSSL also closes thirteen less serious vulnerabilities.

OpenSSL writes that the vulnerability has been assigned the identifier CVE-2016-6304 and is present in several versions of the software. The team recommends that users update to version 1.1.0a, 1.0.2i or 1.0.1u, depending on which version they run. The vulnerability allows an attacker to exhaust a server’s memory through an excessively large OCSP status request extension, by sending such requests again and again. This can cause the server to crash or reboot, Akamai writes.

Servers with a default configuration are vulnerable to such an attack, even if they have OCSP support turned off. Servers built with the ‘no-ocsp’ option, or servers running version 1.0.1g or lower in a default configuration, are not affected. Servers in the latter category are only vulnerable if an application explicitly enables OCSP stapling support.
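A first step for an operator is simply to establish which release branch each server runs and whether it is at or above the fixed release named above. The following version checker is an added example written for this page, not code from the article, OpenSSL or Akamai. It parses the string that `openssl version` prints, compares the letter suffix against the fixed releases the article lists (1.0.1u, 1.0.2i, 1.1.0a), and deliberately stays conservative: it ignores the ‘no-ocsp’ build option and the pre-1.0.1g default-configuration caveat, so anything below the fixed release on a listed branch is reported as needing the update. The alphabetical ordering of OpenSSL letter suffixes is an assumption stated in the code.

```python
import re
import subprocess
import sys

# Fixed releases named in the article, keyed by release branch (major, minor, fix).
# Hypothetical helper written for this page; version strings are in the form
# printed by "openssl version".
FIXED_SUFFIX = {
    (1, 0, 1): "u",   # 1.0.1u
    (1, 0, 2): "i",   # 1.0.2i
    (1, 1, 0): "a",   # 1.1.0a
}

# Matches "1.0.2h" or "1.0.2h-fips"; the letter suffix is optional.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Parse a string such as 'OpenSSL 1.0.2h  3 May 2016' into ((1, 0, 2), 'h')."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return branch, m.group(4)


def _suffix_key(suffix):
    # Assumption: OpenSSL 1.x letter releases sort alphabetically, a bare
    # branch version ('') precedes 'a', and a two-letter suffix ('za') is
    # newer than any single letter.
    return (len(suffix), suffix)


def fmt(branch, suffix=""):
    return ".".join(str(n) for n in branch) + suffix


def assess(text):
    """Return (status, detail) with status 'patched', 'vulnerable' or 'unknown'.

    Conservative: any version below the fixed release on a listed branch is
    reported as vulnerable, regardless of build options or OCSP configuration.
    """
    branch, suffix = parse_version(text)
    fixed = FIXED_SUFFIX.get(branch)
    if fixed is None:
        return ("unknown", f"branch {fmt(branch)} is not among the releases the advisory lists")
    if _suffix_key(suffix) >= _suffix_key(fixed):
        return ("patched", f"{fmt(branch, suffix)} is at or above {fmt(branch, fixed)}")
    return ("vulnerable", f"update {fmt(branch, suffix)} to {fmt(branch, fixed)}")


if __name__ == "__main__":
    # Check a version string given on the command line, or the local binary.
    if len(sys.argv) > 1:
        version_text = " ".join(sys.argv[1:])
    else:
        try:
            version_text = subprocess.run(["openssl", "version"], capture_output=True,
                                          text=True, check=True).stdout
        except (FileNotFoundError, subprocess.CalledProcessError) as exc:
            sys.exit(f"could not run 'openssl version': {exc}")
    status, detail = assess(version_text)
    print(f"{status}: {detail}")
```

Run it without arguments on the host to check the local library, or pass a version string collected from a fleet inventory (for example `python check.py "OpenSSL 1.0.2h  3 May 2016"`). Branches the advisory does not name, such as 0.9.8 or 1.0.0, are reported as `unknown` rather than guessed at, since the article gives no fixed release for them.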

OpenSSL had already announced the patches earlier this week for the vulnerability, which was discovered by the Chinese company Qihoo 360. The software is used to establish secure connections and is an implementation of SSL and TLS.
