The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows MITM attackers to use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.