CVE-2016-0800

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Cryptography Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2015-0287, CVE-2015-0293, CVE-2015-3195, CVE-2015-3197, CVE-2015-7575, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2842

Published on 01/03/16 - Updated on 18/01/18

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Category: Cryptography Error

CWE-310 (Cryptographic Issues)
Weaknesses in this category are related to the use of cryptography.

Security Notices

US National Vulnerability DatabaseCVE-2016-0800
Amazon Linux ALAS-2016-661, ALAS-2016-682
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, CERTFR-2016-AVI-244
Arch Linux ASA-201603-2, ASA-201603-3
CentOS CESA-2016:0301, CESA-2016:0302, CESA-2016:0372
Redhat RHSA-2016:0301, RHSA-2016:0302, RHSA-2016:0303, RHSA-2016:0304, RHSA-2016:0305, RHSA-2016:0372
Renater 2016/VULN085
SUSE SUSE-SU-2016:0617, SUSE-SU-2016:0620, SUSE-SU-2016:0621, SUSE-SU-2016:0624, SUSE-SU-2016:0678

Exploits

SecurityFocusBID-91787

Relative technologies

VendorProduct
opensslopenssl
pulsesecureclient
pulsesecuresteel_belted_radius

Share this vulnerability with:

Twitter Facebook LinkedIn Mail