The server is vulnerable to CCS Injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.

Table of contents
  1. CCS Injection Security Assessment
  2. CCS Injection Vulnerability Information
  3. How to Prevent CCS Injection

CCS Injection Security Assessment

Security Assessment Prevent CCS Injection

CVSS Vector: AV:N/AC:M/AU:N/C:P/I:P/A:P

CCS Injection Vulnerability Information

The server is vulnerable to CCS Injections. Malicious intermediate nodes can intercept encrypted data and decrypt it by forcing SSL clients to use a weak key.

How to Prevent CCS Injection

Follow the guide to prevent CCS injections:

OpenSSL

Update OpenSSL to the latest version. The following versions are known to prevent CCS injections:

  • OpenSSL 1.0.1h
  • OpenSSL 1.0.0m
  • OpenSSL 0.9.8za

E.g., run:

apt-get update; apt-get upgrade # Debian / Ubuntu
yum update                      # RHeL / CentOS
pacman -Syu                     # Arch Linux

See If Your Web App Or API Has Security Vulnerabilities

SCAN FOR FREE NOW