I have run the server security analysis on several of my production environment, and I find very strange result :
The result concerning OpenSSL Padding Oracle vulnerability CVE-2016-2017 are differents although the system configuration (Ubuntu 12.04, SSL package, apache..) are almost the same on all servers.
On the last platform (platform 10) I've even update openssl to last security version (1.0.1-4ubuntu5.36) and still have the vulnerability.
Below you will find a summary of all of the security analysis results with corresponding server configuration.
Am I missing something ?
Thanks in advance for you help !