The host is installed with OpenSSL before 0.9.8s or 1.x before 1.0.0f and is prone to information disclosure vulnerability. A flaw is present in SSL 3.0 implementation in OpenSSL, which does not properly initialize data structures for block cipher padding. Successful exploitation might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.