AnsweredAssumed Answered

Security analysis returns differents CVE-2016-2107 with same platform configuration

Question asked by Bastien DINE on Sep 5, 2016

Hi everybody,


I have run the server security analysis on several of my production environment, and I find very strange result :

The result concerning OpenSSL Padding Oracle vulnerability CVE-2016-2017 are differents although the system configuration (Ubuntu 12.04, SSL package, apache..) are almost the same on all servers.


On the last platform (platform 10) I've even update openssl to last security version (1.0.1-4ubuntu5.36) and still have the vulnerability.


Below you will find a summary of all of the security analysis results with corresponding server configuration.


Am I missing something ?


Thanks in advance for you help !