Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
OpenSSL Improper Input Validation Vulnerability - CVE-2016-6302 - Vulnerability Database
OpenSSL

OpenSSL Improper Input Validation Vulnerability - CVE-2016-6302

High
Reference: CVE-2016-6302
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-6302
Title: OpenSSL Improper Input Validation Vulnerability
Overview:

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length which allows remote attackers to cause a denial of service via a ticket that is too short.