OpenSSL protocol implements SSL and TLS protocols to establish a secure connection between a client and a server. Flaws in OpenSSL implementation may cause buffer overflows. These buffer overflows can be exploited by a malicious user to gain unauthorized access to the Oracle server products. The Oracle Server products that implement OpenSSL and accept client certificates are vulnerable.
The flaws in OpenSSL protocol can be exploited by an attacker during the handshake process with SSL server. This makes Oracle server products vulnerable to information leakage, Denial-of-Service attack and server takeover by the perpetrator.
The information provided herein is on "as is" basis, without warranty of any kind.