5.9

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLeap Version42.1
OpensuseOpensuse Version13.2
OpenSSLOpenSSL Version <= 1.0.1s
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2 Updatebeta1
OpenSSLOpenSSL Version1.0.2 Updatebeta2
OpenSSLOpenSSL Version1.0.2 Updatebeta3
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
OpenSSLOpenSSL Version1.0.2g
GoogleAndroid Version4.0
GoogleAndroid Version4.0.1
GoogleAndroid Version4.0.2
GoogleAndroid Version4.0.3
GoogleAndroid Version4.0.4
GoogleAndroid Version4.1
GoogleAndroid Version4.1.2
GoogleAndroid Version4.2
GoogleAndroid Version4.2.1
GoogleAndroid Version4.2.2
GoogleAndroid Version4.3
GoogleAndroid Version4.3.1
GoogleAndroid Version4.4
GoogleAndroid Version4.4.1
GoogleAndroid Version4.4.2
GoogleAndroid Version4.4.3
GoogleAndroid Version5.0
GoogleAndroid Version5.0.1
GoogleAndroid Version5.1
GoogleAndroid Version5.1.0
HpHelion Openstack Version2.0.0
HpHelion Openstack Version2.1.0
HpHelion Openstack Version2.1.2
HpHelion Openstack Version2.1.4
NodejsNode.Js Version >= 0.10.0 < 0.10.45
NodejsNode.Js Version >= 0.12.0 < 0.12.14
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.4.4
NodejsNode.Js SwEdition- Version >= 5.0.0 < 5.11.1
NodejsNode.Js Version6.0.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 89.06% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
Third Party Advisory
http://source.android.com/security/bulletin/2016-07-01.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
Third Party Advisory
Mailing List
https://support.apple.com/HT206903
Third Party Advisory
https://www.tenable.com/security/tns-2016-18
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-0722.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0996.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2073.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
Third Party Advisory
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
Third Party Advisory
http://www.debian.org/security/2016/dsa-3566
Third Party Advisory
http://www.securitytracker.com/id/1035721
Third Party Advisory
VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-2959-1
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa123
Permissions Required
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
Third Party Advisory
https://security.gentoo.org/glsa/201612-16
Third Party Advisory
https://security.netapp.com/advisory/ntap-20160504-0001/
Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
Third Party Advisory
https://www.openssl.org/news/secadv/20160503.txt
Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
Third Party Advisory
http://support.citrix.com/article/CTX212736
Third Party Advisory
http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
Third Party Advisory
http://www.securityfocus.com/bid/89760
Third Party Advisory
VDB Entry
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
Third Party Advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292
Broken Link
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
Third Party Advisory
https://www.exploit-db.com/exploits/39768/
Third Party Advisory
VDB Entry