{"id":118,"date":"2016-03-02T11:54:44","date_gmt":"2016-03-02T11:54:44","guid":{"rendered":"http:\/\/www.urolime.com\/blogs\/?p=118"},"modified":"2016-03-28T16:52:35","modified_gmt":"2016-03-28T16:52:35","slug":"drown-attack","status":"publish","type":"post","link":"https:\/\/www.urolime.com\/blogs\/drown-attack\/","title":{"rendered":"DROWN Vulnerability Fix"},"content":{"rendered":"<h1 style=\"text-align: justify;\"><span style=\"font-family: arial, helvetica, sans-serif;\">General Information regarding DROWN vulnerability Fix<\/span><\/h1>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">On March 1, we have another OpenSSL vulnerability reported: DROWN. Please follow the document to know more about DROWN and DROWN Vulnerability Fix<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Name: DROWN(\u00a0Decrypting\u00a0RSA using\u00a0Obsolete and\u00a0Weakened eNcryption.)<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Type:\u00a0Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800).<\/strong><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Affected services:\u00a0<\/strong>DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.<\/span><\/p>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>What all are Vulnerable? <\/strong><\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">&#8211; SSLv2 (Secure Sockets Layer protocol version 2.0)<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">&#8211; TLS (Transport Layer Security) version (1.0 &#8211; 1.2)<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">&#8211; Services which do not use SSLv2 , but share their RSA keys with those services which have SSLv2 support, are also vulnerable.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">CVE-2016-0703 : which affected OpenSSL versions prior to 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8z<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">CVE-2016-0704 : This issue affected OpenSSL versions 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and all earlier versions.<\/span><\/p>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;\">Affected Operating Systems Versions<\/span><\/h3>\n<h4><span style=\"font-family: arial, helvetica, sans-serif;\">Redhat\/Centos:<\/span><\/h4>\n<blockquote><p><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 4<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 5<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 6<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 7<\/span><\/p><\/blockquote>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><em>The affected OS versions along with details regarding available updates(which are free of the DROWN vulnerability).<\/em><\/span><\/p>\n<blockquote>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 5 \u00a0 \u00a0 \u00a0openssl-0.9.8e-39.el5_11<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 5.6 \u00a0 \u00a0openssl-0.9.8e-12.el5_6.13<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 5.9 \u00a0 \u00a0openssl-0.9.8e-26.el5_9.5<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 6 \u00a0 \u00a0 \u00a0openssl-1.0.1e-42.el6_7.4<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 6.2 \u00a0 \u00a0openssl-1.0.0-20.el6_2.8<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 6.4 \u00a0 \u00a0openssl-1.0.0-27.el6_4.5<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 6.5 \u00a0 \u00a0openssl-1.0.1e-16.el6_5.16<\/span><\/div>\n<div><span style=\"font-family: arial, helvetica, sans-serif;\">Red Hat Enterprise Linux 6.6 \u00a0 \u00a0openssl-1.0.1e-30.el6_6.12<\/span><\/div>\n<\/blockquote>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu distros are\u00a0free from DROWN Vulnerability:<\/span><\/h3>\n<table>\n<tbody>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Upstream:<\/strong><\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>needs-triage<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu 12.04 LTS (Precise Pangolin):<\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">not-affected<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu 14.04 LTS (Trusty Tahr):<\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">not-affected<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu Touch 15.04:<\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">not-affected<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu Core 15.04:<\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">not-affected<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu 15.10 (Wily Werewolf):<\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">not-affected<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">Ubuntu 16.04 (Xenial Xerus):<\/span><\/td>\n<td width=\"225\"><span style=\"font-family: arial, helvetica, sans-serif;\">not-affected<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;\">Amazon Web Services (AWS)<\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>AWS Services<\/strong> are not affected by this Vulnerability, but Amazon Elastic Load Balancer customers that have modified their default ELB configurations in order to explicitly accept SSLv2 should immediately follow the below steps:<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">The following steps can be used to enable the AWS-recommended Predefined Security Policy via the AWS Console:<\/span><\/p>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Select your load balancer (EC2 &gt; Load Balancers).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">In the Listeners tab, click &#8220;Change&#8221; in the Cipher column.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Ensure that the radio button for &#8220;Predefined Security Policy&#8221; is selected<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">In the dropdown, select the &#8220;ELBSecurityPolicy-2015-05&#8221; policy.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Click &#8220;Save&#8221; to apply the settings to the listener.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Repeat these steps for each listener that is using HTTPS or SSL for each load balancer.<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">To identify if your server OpenSSL package is vulnerable,\u00a0Redhat provides a script which can be used to check if the installed openssl version(only on Redhat or Centos servers) is vulnerable to DROWN attacks. Script file can be downloaded from\u00a0<a href=\"https:\/\/access.redhat.com\/labs\/drown\/DROWN-test.sh\" target=\"_blank\">here<\/a><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">If your server is vulnerable the script execution output will be as follows:<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">===========================================================<\/span><\/p>\n<blockquote><p><span style=\"font-family: arial, helvetica, sans-serif;\"># bash DROWN-test.sh<\/span><\/p><\/blockquote>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">WARNING: The installed version of openssl (openssl-&lt;version&gt;) is vulnerable to both general and special DROWN attack and should be upgraded!<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">See\u00a0https:\/\/access.redhat.com\/security\/vulnerabilities\/drown\u00a0for more information.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">If its not vulnerable:<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">The installed version of openssl (openssl-&lt;version&gt;) is not known to be vulnerable to DROWN.<\/span><\/p>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;\">DROWN Attack Fix:<\/span><\/h3>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">We need to apply the available patches and the reboot the servers. If a reboot is not possible, restarting all network services that depend on openssl after applying the patches is required. A server reboot after openssl upgrade is recommended so as ensure that all services use the upgraded openssl version.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>\u00a0Steps:<\/strong><\/span><\/p>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Upgrade openssl<\/span><br \/>\n<blockquote><p><span style=\"font-family: arial, helvetica, sans-serif;\"># yum update openssl<\/span><\/p><\/blockquote>\n<\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;\">Restart all services using openssl or reboot the server(recommended)<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;\">If you need any help to fix this vulnerability feel free to email us : <strong>security [at] urolime [dot] com<\/strong><\/span><\/p>\n<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_118\" class=\"pvc_stats all  \" data-element-id=\"118\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/www.urolime.com\/blogs\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>General Information regarding DROWN vulnerability Fix On March 1, we have another OpenSSL vulnerability reported: DROWN. Please follow the document to know more about DROWN and DROWN Vulnerability Fix Name: DROWN(\u00a0Decrypting\u00a0RSA using\u00a0Obsolete and\u00a0Weakened eNcryption.) Type:\u00a0Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800). Affected services:\u00a0DROWN is a serious vulnerability that affects HTTPS and other services that [&hellip;]<\/p>\n<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_118\" class=\"pvc_stats all  \" data-element-id=\"118\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/www.urolime.com\/blogs\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n","protected":false},"author":1,"featured_media":119,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":[],"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[1],"tags":[],"class_list":["post-118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.3.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>DROWN Vulnerability Fix - Urolime Blogs<\/title>\n<meta name=\"description\" content=\"Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) &amp; DROWN Vulnerability Fix\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DROWN Vulnerability Fix - Urolime Blogs\" \/>\n<meta property=\"og:description\" content=\"Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) &amp; DROWN Vulnerability Fix\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Urolime Blogs\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-02T11:54:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-28T16:52:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"792\" \/>\n\t<meta property=\"og:image:height\" content=\"542\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Urolime Technologies\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Urolime Technologies\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\"},\"author\":{\"name\":\"Urolime Technologies\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/#\/schema\/person\/c231f59d5f2c2516e0efc6067ee0c22c\"},\"headline\":\"DROWN Vulnerability Fix\",\"datePublished\":\"2016-03-02T11:54:44+00:00\",\"dateModified\":\"2016-03-28T16:52:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\"},\"wordCount\":616,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg\",\"articleSection\":[\"General\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.urolime.com\/blogs\/drown-attack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\",\"url\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\",\"name\":\"DROWN Vulnerability Fix - Urolime Blogs\",\"isPartOf\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg\",\"datePublished\":\"2016-03-02T11:54:44+00:00\",\"dateModified\":\"2016-03-28T16:52:35+00:00\",\"description\":\"Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) & DROWN Vulnerability Fix\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.urolime.com\/blogs\/drown-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage\",\"url\":\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg\",\"contentUrl\":\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg\",\"width\":792,\"height\":542,\"caption\":\"DROWN diagram1\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/#website\",\"url\":\"https:\/\/www.urolime.com\/blogs\/\",\"name\":\"Urolime Blogs\",\"description\":\"The place for DevOps, Cloud, Kubernetes News and Updates\",\"publisher\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.urolime.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/#organization\",\"name\":\"Urolime Blogs\",\"url\":\"https:\/\/www.urolime.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2021\/06\/cropped-250-x250.jpg\",\"contentUrl\":\"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2021\/06\/cropped-250-x250.jpg\",\"width\":250,\"height\":73,\"caption\":\"Urolime Blogs\"},\"image\":{\"@id\":\"https:\/\/www.urolime.com\/blogs\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.urolime.com\/blogs\/#\/schema\/person\/c231f59d5f2c2516e0efc6067ee0c22c\",\"name\":\"Urolime Technologies\",\"description\":\"Urolime Technologies has made groundbreaking accomplishments in the field of Google Cloud &amp; Kubernetes Consulting, DevOps Services, 24\/7 Managed Services &amp; Support, Dedicated IT Team, Managed AWS Consulting and Azure Cloud Consulting. We believe our customers are Smart to choose their IT Partner, and we \u201cDo IT Smart\u201d.\",\"sameAs\":[\"https:\/\/www.urolime.com\/\"],\"url\":\"https:\/\/www.urolime.com\/blogs\/author\/blogadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DROWN Vulnerability Fix - Urolime Blogs","description":"Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) & DROWN Vulnerability Fix","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.urolime.com\/blogs\/drown-attack\/","og_locale":"en_US","og_type":"article","og_title":"DROWN Vulnerability Fix - Urolime Blogs","og_description":"Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) & DROWN Vulnerability Fix","og_url":"https:\/\/www.urolime.com\/blogs\/drown-attack\/","og_site_name":"Urolime Blogs","article_published_time":"2016-03-02T11:54:44+00:00","article_modified_time":"2016-03-28T16:52:35+00:00","og_image":[{"width":792,"height":542,"url":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg","type":"image\/jpeg"}],"author":"Urolime Technologies","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Urolime Technologies","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/#article","isPartOf":{"@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/"},"author":{"name":"Urolime Technologies","@id":"https:\/\/www.urolime.com\/blogs\/#\/schema\/person\/c231f59d5f2c2516e0efc6067ee0c22c"},"headline":"DROWN Vulnerability Fix","datePublished":"2016-03-02T11:54:44+00:00","dateModified":"2016-03-28T16:52:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/"},"wordCount":616,"commentCount":0,"publisher":{"@id":"https:\/\/www.urolime.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg","articleSection":["General"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.urolime.com\/blogs\/drown-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/","url":"https:\/\/www.urolime.com\/blogs\/drown-attack\/","name":"DROWN Vulnerability Fix - Urolime Blogs","isPartOf":{"@id":"https:\/\/www.urolime.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg","datePublished":"2016-03-02T11:54:44+00:00","dateModified":"2016-03-28T16:52:35+00:00","description":"Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) & DROWN Vulnerability Fix","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.urolime.com\/blogs\/drown-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.urolime.com\/blogs\/drown-attack\/#primaryimage","url":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg","contentUrl":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2016\/03\/DROWN_diagram1.jpg","width":792,"height":542,"caption":"DROWN diagram1"},{"@type":"WebSite","@id":"https:\/\/www.urolime.com\/blogs\/#website","url":"https:\/\/www.urolime.com\/blogs\/","name":"Urolime Blogs","description":"The place for DevOps, Cloud, Kubernetes News and Updates","publisher":{"@id":"https:\/\/www.urolime.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.urolime.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.urolime.com\/blogs\/#organization","name":"Urolime Blogs","url":"https:\/\/www.urolime.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.urolime.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2021\/06\/cropped-250-x250.jpg","contentUrl":"https:\/\/www.urolime.com\/blogs\/wp-content\/uploads\/2021\/06\/cropped-250-x250.jpg","width":250,"height":73,"caption":"Urolime Blogs"},"image":{"@id":"https:\/\/www.urolime.com\/blogs\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.urolime.com\/blogs\/#\/schema\/person\/c231f59d5f2c2516e0efc6067ee0c22c","name":"Urolime Technologies","description":"Urolime Technologies has made groundbreaking accomplishments in the field of Google Cloud &amp; Kubernetes Consulting, DevOps Services, 24\/7 Managed Services &amp; Support, Dedicated IT Team, Managed AWS Consulting and Azure Cloud Consulting. We believe our customers are Smart to choose their IT Partner, and we \u201cDo IT Smart\u201d.","sameAs":["https:\/\/www.urolime.com\/"],"url":"https:\/\/www.urolime.com\/blogs\/author\/blogadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/posts\/118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/comments?post=118"}],"version-history":[{"count":25,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/posts\/118\/revisions"}],"predecessor-version":[{"id":147,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/posts\/118\/revisions\/147"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/media\/119"}],"wp:attachment":[{"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/media?parent=118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/categories?post=118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.urolime.com\/blogs\/wp-json\/wp\/v2\/tags?post=118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}