Intrusion Prevention

Openssl.Session.Ticket.Memory.Leak

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in OpenSSL.
The vulnerability is due to an error in the application when it handles maliciously crafted SSL/TLS messages. A remote attacker can exploit this to cause memory leakage and finally denial of service conditions.

Affected Products

OpenSSL prior to 1.0.1j
OpenSSL prior to 1.0.0o
OpenSSL prior to 0.9.8zc

Impact

Denial of Service: Remote attackers can crash vulnerable systems

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv_20141015.txt

CVE References

CVE-2014-3567