Oval Definition:	oval:org.cisecurity:def:1947
Revision Date: 2017-03-10 Version: 2 Title: Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e - CVE-2017-3733 Description: During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. Family: windows Class: vulnerability Status: DRAFT Reference(s): CVE-2017-3733 Platform(s): Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Vista Microsoft Windows XP Product(s): OpenSSL Definition Synopsis OpenSSL is installed + file version OpenSSL is installed AND Check for file version Check if OpenSSL 1.1.0 version is greater than or equal 1.1.0 and less than 1.1.0e OR OpenSSL (x86) is installed + file version OpenSSL (32_bit) is installed AND Check for file version Check if OpenSSL 1.1.0 version is greater than or equal 1.1.0 and less than 1.1.0e (x86) OR Check if ssleay32.dll 1.1.0 version is greater than or equal 1.1.0 and less than 1.1.0e on ProgramFilesDir OR Check if ssleay32.dll 1.1.0 version is greater than or equal 1.1.0 and less than 1.1.0e on ProgramFilesDir (x86) OR Check if ssleay32.dll 1.1.0 version is greater than or equal 1.1.0 and less than 1.1.0e on System32 and SysWOW64
BACK