Page MenuHomePhabricator

Lots of servers are vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224)
Closed, ResolvedPublic


Originally I posted this issue under Bug 53259, but I find more and more vulnerable sites, so I think it is more appropriate to move to a new bug report.

According to SSL Labs these servers are "vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable":


These are vulnerable but probably not exploitable:



Version: unspecified
Severity: normal
See Also:



Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 3:37 AM
bzimport added a project: HTTPS.
bzimport set Reference to bz67564.
bzimport added a subscriber: Unknown Object (MLST).

I reported your findings yesterday as RT 7806 and suggested that all hosts should be checked for missed libssl updates.