Tomorrow is “patch Tuesday” and it’s a notable one. The OpenSSL project team announced last week that they will be releasing OpenSSL version 3.0.7, with a patch to fix a critical security vulnerability. Until the vulnerability details are released, not much is known about the nature of the vulnerability. In 2014, Heartbleed was an extremely serious vulnerability that was in the codebase for nearly 2 years going back to 2012, to this day that vulnerability remains unpatched in many environments. In 2016, OpenSSL had several other vulnerabilities and security bulletins ranging from egregious POODLE attacks against the AES-NI CBC MAC check to less serious buffer overflows.
The post Undisclosed OpenSSL vulnerability: Free scripts for target scoping appeared first on Security Boulevard.
Leer másSecurity Boulevard
Views: 0
