Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
opensslOpenSSLOPENSSL:CVE-2016-0704
HistoryMar 01, 2016 - 12:00 a.m.

Vulnerability in OpenSSL - Bleichenbacher oracle in SSLv2

2016-03-0100:00:00
www.openssl-library.org
32

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.477

Percentile

97.5%

JSON

This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address the vulnerability CVE-2015-0293. s2_srvr.c overwrite the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. This provides a Bleichenbacher oracle, and could potentially allow more efficient variants of the DROWN attack.

Found by David Adrian and J.Alex Halderman (University of Michigan).

Affected configurations

Vulners
Node
opensslopensslRange0.9.80.9.8zf
OR
opensslopensslRange1.0.01.0.0r
OR
opensslopensslRange1.0.11.0.1m
OR
opensslopensslRange1.0.21.0.2a
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Related

redhat 10
nessus 56
openvas 42
amazon 2
centos 3
veracode 3
cve 2
debiancve 2
f5 4
openssl 2
prion 2
cvelist 2
ubuntucve 2
nvd 2
hackerone 1
oraclelinux 3
suse 15
paloalto 1
checkpoint_advisories 1
ibm 30
fedora 3
kitploit 1
altlinux 5
mageia 1
slackware 1
aix 1
debian 1
ubuntu 1
redhat
redhat
(RHSA-2016:0303) Important: openssl security update
2016-03-01 00:00:00
(RHSA-2016:0372) Important: openssl098e security update
2016-03-09 00:00:00
(RHSA-2016:0304) Important: openssl security update
2016-03-01 00:00:00
nessus
nessus
Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)
2016-03-10 00:00:00
Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)
2016-04-07 00:00:00
CentOS 6 / 7 : openssl098e (CESA-2016:0372) (DROWN)
2016-03-09 00:00:00
openvas
openvas
CentOS Update for openssl098e CESA-2016:0372 centos7
2016-03-10 00:00:00
CentOS Update for openssl098e CESA-2016:0372 centos6
2016-03-10 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-682)
2016-05-09 00:00:00
amazon
amazon
Important: openssl098e
2016-04-06 14:40:00
Medium: openssl
2015-03-23 13:42:00
centos
centos
openssl098e security update
2016-03-09 05:32:33
openssl security update
2015-03-23 21:19:50
openssl security update
2015-04-14 11:25:52
veracode
veracode
Information Disclosure
2017-02-06 01:54:39
Denial Of Service (DoS)
2019-01-15 09:10:17
Denial Of Service (DoS)
2017-01-26 06:43:37
cve
cve
CVE-2015-0293
2015-03-19 22:59:11
CVE-2016-0704
2016-03-02 11:59:01
debiancve
debiancve
CVE-2015-0293
2015-03-19 22:59:11
CVE-2016-0704
2016-03-02 11:59:01
f5
f5
K16321 : OpenSSL vulnerability CVE-2015-0293
2015-10-05 00:00:00
SOL16321 - OpenSSL vulnerability CVE-2015-0293
2015-04-02 00:00:00
K95463126 : OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
2016-03-10 00:00:00
openssl
openssl
Vulnerability in OpenSSL - DoS via reachable assert in SSLv2 servers
2015-03-19 00:00:00
Vulnerability in OpenSSL - Divide-and-conquer session key recovery in SSLv2
2016-03-01 00:00:00
prion
prion
Design/Logic Flaw
2015-03-19 22:59:00
Buffer overflow
2016-03-02 11:59:00
cvelist
cvelist
CVE-2015-0293
2015-03-19 00:00:00
CVE-2016-0704
2016-03-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-0293
2015-03-17 00:00:00
CVE-2016-0704
2016-03-01 00:00:00
nvd
nvd
CVE-2015-0293
2015-03-19 22:59:11
CVE-2016-0704
2016-03-02 11:59:01
hackerone
hackerone
Internet Bug Bounty: Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
2016-05-12 05:56:32
oraclelinux
oraclelinux
openssl098e security update
2016-03-09 00:00:00
openssl security update
2015-03-23 00:00:00
openssl security and bug fix update
2015-03-23 00:00:00
suse
suse
Security update for openssl (important)
2016-03-03 15:11:31
Security update for openssl (important)
2016-03-11 14:14:22
Security update for openssl (important)
2016-04-15 21:09:44
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Secure Sockets Layer (SSL) Version 2.0 (CVE-2016-0703; CVE-2016-0704; CVE-2016-0800)
2014-03-18 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect Rational ClearCase (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0293)
2018-07-10 08:34:12
Security Bulletin: Vulnerabilities in OpenSSL affect Rational ClearQuest (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0293)
2018-06-17 05:01:59
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches
2019-01-31 02:25:02
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.2a-1.fc21
2015-05-04 15:27:35
[SECURITY] Fedora 22 Update: mingw-openssl-1.0.2a-1.fc22
2015-05-01 16:42:54
[SECURITY] Fedora 21 Update: openssl-1.0.1k-6.fc21
2015-03-22 04:40:24
kitploit
kitploit
Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
2020-01-08 20:35:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt2
2015-03-19 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2
2015-03-19 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt2
2015-03-19 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-03-19 19:47:16
slackware
slackware
[slackware-security] openssl
2015-04-22 01:22:19
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-04-13 05:07:43
debian
debian
[SECURITY] [DLA 177-1] openssl security update
2015-03-20 21:40:47
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-03-19 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.477

Percentile

97.5%

JSON
Related for OPENSSL:CVE-2016-0704
redhat10nessus56openvas42amazon2centos3veracode3cve2debiancve2f54openssl2prion2cvelist2ubuntucve2nvd2hackerone1oraclelinux3suse15paloalto1checkpoint_advisories1ibm30fedora3kitploit1altlinux5mageia1slackware1aix1debian1ubuntu1