ELSA-2016-3627 -- Oracle openssl
|ID: oval:org.secpod.oval:def:1501604||Date: (C)2016-11-08 (M)2017-11-10|
|Class: PATCH||Family: unix|
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.