OpenSSL OCSP Status Request Denial Of Service Vulnerability (CVE-2016-6304)
Publish date: 21 de diciembre de 2016
Gravedad: High
Descripción
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1007970