Lucene search
F5F5:K93600123HistoryMay 07, 2016 - 12:00 a.m.
K93600123 : OpenSSL vulnerability CVE-2016-2107
2016-05-0700:00:00
my.f5.com
50
Security Advisory Description
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. (CVE-2016-2107)
Impact
A successful attack allows traffic to be decrypted by a man in the middle (MITM) when the connection uses an AES CBC cipher on systems with CPU support for Advanced Encryption Standard New Instructions (AES-NI).
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip afm | eq | 12.1.0 |
Related
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
cvelist
cvelist
nvd
nvd
prion
prion
Design/Logic Flaw
2016-05-05 01:59:00
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2013-02-08 19:55:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)
2016-11-21 00:00:00
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)
2014-10-10 00:00:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
veracode
veracode
Padding Oracle Attack
2017-01-27 03:10:31
Timing Side- Channel Attack
2019-01-15 08:52:54
Timing Attacks
2017-02-10 05:59:15
f5
f5
SOL93600123 - OpenSSL vulnerability CVE-2016-2107
2016-05-06 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2107
2016-05-03 00:00:00
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
alpinelinux
alpinelinux
CVE-2016-2107
2016-05-05 01:59:03
ibm
ibm
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
hackerone
hackerone
threatpost
threatpost
OpenSSL Patches Padding Oracle Attack Bug
2016-05-03 12:17:47
slackware
slackware
openssl
2013-02-11 23:49:59
openvas
openvas
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux
2021-08-17 00:00:00
Slackware: Security Advisory (SSA:2013-042-01)
2022-04-21 00:00:00
SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability
2017-03-30 00:00:00
seebug
seebug
OpenSSL Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-04 00:00:00
redhatcve
redhatcve
CVE-2016-2107
2016-05-03 14:48:50
zdt
zdt
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
2016-05-04 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Padding Oracle Information Disclosure (CVE-2016-2107)
2016-05-09 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that (mostly) aren’t: LUCKY13
2024-05-03 05:12:27
archlinux
archlinux
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
Security update for Java (important)
2013-02-22 20:04:33
thn
thn
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
2016-05-04 23:31:00
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
amazon
amazon
Critical: openssl
2014-04-07 17:26:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
redhat
redhat
(RHSA-2013:0783) Moderate: openssl security update
2013-05-01 17:58:17
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00