Advisory ID

12178

Release date

2016-01-29

Last Updated

2016-01-29

Issue Severity

None

 

Source

Source

OpenSSL org.

Release date

2016-01-28

CVSS v2 Base Score

Low

Problem Description

A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.

Find more about CVE-2015-3197 from MITRE CVE directory.

Impact

None.

Affected Products

All FoxT products have the SSLv2 protocol disabled via the SSL_OP_NO_SSLv2 option and are thus not affected by this vulnerability.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory










Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: April 16, 2019