7.5
CVE-2016-8610
- EPSS 39.66%
- Veröffentlicht 13.11.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.3
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Workstation Version6.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version6.4.0
Netapp ≫ Cn1610 Firmware Version-
Netapp ≫ Clustered Data Ontap Antivirus Connector Version-
Netapp ≫ Data Ontap Version- SwPlatform7-mode
Netapp ≫ Data Ontap Edge Version-
Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.40
Netapp ≫ Host Agent Version-
Netapp ≫ Oncommand Balance Version-
Netapp ≫ Oncommand Unified Manager Version- SwPlatform7-mode
Netapp ≫ Oncommand Workflow Automation Version-
Netapp ≫ Ontap Select Deploy Version-
Netapp ≫ Service Processor Version-
Netapp ≫ Smi-s Provider Version-
Netapp ≫ Snapcenter Server Version-
Netapp ≫ Storagegrid Version-
Netapp ≫ Storagegrid Webscale Version-
Netapp ≫ Clustered Data Ontap Version-
Paloaltonetworks ≫ Pan-os Version <= 6.1.17
Paloaltonetworks ≫ Pan-os Version >= 7.0.0 <= 7.0.15
Paloaltonetworks ≫ Pan-os Version >= 7.1.0 <= 7.1.10
Oracle ≫ Adaptive Access Manager Version11.1.2.3.0
Oracle ≫ Application Testing Suite Version13.3.0.1
Oracle ≫ Communications Analytics Version12.1.1
Oracle ≫ Communications Ip Service Activator Version7.3.4
Oracle ≫ Communications Ip Service Activator Version7.4.0
Oracle ≫ Core Rdbms Version11.2.0.4
Oracle ≫ Core Rdbms Version12.1.0.2
Oracle ≫ Core Rdbms Version12.2.0.1
Oracle ≫ Core Rdbms Version18c
Oracle ≫ Core Rdbms Version19c
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Enterprise Manager Ops Center Version12.4.0
Oracle ≫ Goldengate Application Adapters Version12.3.2.1.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Retail Predictive Application Server Version15.0.3
Oracle ≫ Retail Predictive Application Server Version16.0.3
Oracle ≫ Timesten In-memory Database Version < 18.1.4.1.0
Oracle ≫ Weblogic Server Version10.3.6.0.0
Oracle ≫ Weblogic Server Version12.1.3.0.0
Oracle ≫ Weblogic Server Version12.2.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.4.0
Fujitsu ≫ M10-1 Firmware Version < xcp2361
Fujitsu ≫ M10-1 Firmware Version >= xcp3000 < xcp3070
Fujitsu ≫ M10-4 Firmware Version < xcp2361
Fujitsu ≫ M10-4 Firmware Version >= xcp3000 < xcp3070
Fujitsu ≫ M10-4s Firmware Version < xcp2361
Fujitsu ≫ M10-4s Firmware Version >= xcp3000 < xcp3070
Fujitsu ≫ M12-1 Firmware Version < xcp2361
Fujitsu ≫ M12-1 Firmware Version >= xcp3000 < xcp3070
Fujitsu ≫ M12-2 Firmware Version < xcp2361
Fujitsu ≫ M12-2 Firmware Version >= xcp3000 < xcp3070
Fujitsu ≫ M12-2s Firmware Version < xcp2361
Fujitsu ≫ M12-2s Firmware Version >= xcp3000 < xcp3070
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.66% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://rhn.redhat.com/errata/RHSA-2017-1659.html
https://access.redhat.com/errata/RHSA-2017:1658
http://rhn.redhat.com/errata/RHSA-2017-1415.html
https://access.redhat.com/errata/RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2494
http://rhn.redhat.com/errata/RHSA-2017-0574.html
http://rhn.redhat.com/errata/RHSA-2017-0286.html
http://seclists.org/oss-sec/2016/q4/224
http://www.securityfocus.com/bid/93841
http://www.securitytracker.com/id/1037084
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401
https://security.360.cn/cve/CVE-2016-8610/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
https://security.netapp.com/advisory/ntap-20171130-0001/
https://security.paloaltonetworks.com/CVE-2016-8610
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
https://www.debian.org/security/2017/dsa-3773