A Web.com Partner

DROWN vulnerability

A known vulnerability in the TLS protocol has been discovered, this vulnerability is known as DROWN which stands for Decrypting RSA with Obsolete and Weakened eNcryption (CVE-2016-0800).

A server can be attacked by DROWN if it allows SSLv2 connections or if a certificate and key is used on another server that supports SSLv2.

This vulnerability is Critical. Please take steps to disable SSLv2 connections in your server.

For a more detailed explanation please download the complete technical white paper (Aviram, et al.)