CVE-2016-8610

EPSS 69.1%
Published 13.11.2017 22:29:00
Last modified 20.04.2025 01:37:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Affected products Warnungen 0 Metrics 3 CWE 1 References 31

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version >= 1.0.2 <= 1.0.2h

OpenSSL ≫ OpenSSL Version0.9.8

OpenSSL ≫ OpenSSL Version1.0.1

OpenSSL ≫ OpenSSL Version1.1.0

Debian ≫ Debian Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version6.0.0

Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version6.4.0

Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0

Netapp ≫ Cn1610 Firmware Version-

Netapp ≫ Cn1610 Version-

Netapp ≫ Clustered Data Ontap Antivirus Connector Version-

Netapp ≫ Data Ontap Version- SwPlatform7-mode

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.40

Netapp ≫ Host Agent Version-

Netapp ≫ Oncommand Balance Version-

Netapp ≫ Oncommand Unified Manager Version- SwPlatform7-mode

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Ontap Select Deploy Version-

Netapp ≫ Service Processor Version-

Netapp ≫ Smi-s Provider Version-

Netapp ≫ Snapcenter Server Version-

Netapp ≫ Snapdrive Version- SwPlatformunix

Netapp ≫ Storagegrid Version-

Netapp ≫ Storagegrid Webscale Version-

Netapp ≫ Clustered Data Ontap Version-

Paloaltonetworks ≫ Pan-os Version <= 6.1.17

Paloaltonetworks ≫ Pan-os Version >= 7.0.0 <= 7.0.15

Paloaltonetworks ≫ Pan-os Version >= 7.1.0 <= 7.1.10

Oracle ≫ Adaptive Access Manager Version11.1.2.3.0

Oracle ≫ Application Testing Suite Version13.3.0.1

Oracle ≫ Communications Analytics Version12.1.1

Oracle ≫ Communications Ip Service Activator Version7.3.4

Oracle ≫ Communications Ip Service Activator Version7.4.0

Oracle ≫ Core Rdbms Version11.2.0.4

Oracle ≫ Core Rdbms Version12.1.0.2

Oracle ≫ Core Rdbms Version12.2.0.1

Oracle ≫ Core Rdbms Version18c

Oracle ≫ Core Rdbms Version19c

Oracle ≫ Enterprise Manager Ops Center Version12.3.3

Oracle ≫ Enterprise Manager Ops Center Version12.4.0

Oracle ≫ Goldengate Application Adapters Version12.3.2.1.0

Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.56

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Retail Predictive Application Server Version15.0.3

Oracle ≫ Retail Predictive Application Server Version16.0.3

Oracle ≫ Timesten In-memory Database Version < 18.1.4.1.0

Oracle ≫ Weblogic Server Version10.3.6.0.0

Oracle ≫ Weblogic Server Version12.1.3.0.0

Oracle ≫ Weblogic Server Version12.2.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.4.0

Fujitsu ≫ M10-1 Firmware Version < xcp2361

Fujitsu ≫ M10-1 Version-

Fujitsu ≫ M10-1 Firmware Version >= xcp3000 < xcp3070

Fujitsu ≫ M10-1 Version-

Fujitsu ≫ M10-4 Firmware Version < xcp2361

Fujitsu ≫ M10-4 Version-

Fujitsu ≫ M10-4 Firmware Version >= xcp3000 < xcp3070

Fujitsu ≫ M10-4 Version-

Fujitsu ≫ M10-4s Firmware Version < xcp2361

Fujitsu ≫ M10-4s Version-

Fujitsu ≫ M10-4s Firmware Version >= xcp3000 < xcp3070

Fujitsu ≫ M10-4s Version-

Fujitsu ≫ M12-1 Firmware Version < xcp2361

Fujitsu ≫ M12-1 Version-

Fujitsu ≫ M12-1 Firmware Version >= xcp3000 < xcp3070

Fujitsu ≫ M12-1 Version-

Fujitsu ≫ M12-2 Firmware Version < xcp2361

Fujitsu ≫ M12-2 Version-

Fujitsu ≫ M12-2 Firmware Version >= xcp3000 < xcp3070

Fujitsu ≫ M12-2 Version-

Fujitsu ≫ M12-2s Firmware Version < xcp2361

Fujitsu ≫ M12-2s Version-

Fujitsu ≫ M12-2s Firmware Version >= xcp3000 < xcp3070

Fujitsu ≫ M12-2s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	69.1%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.oracle.com/security-alerts/cpujan2020.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Patch

Third Party Advisory