Executive Summary

Information
Name : CVE-2016-0704
First vendor Publication : 2016-03-02
Vendor : Cve
Last vendor Modification : 2018-01-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score : 4.3
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-200
Name : Information Exposure

CPE : Common Platform Enumeration

Type : Application - Count : 203

Nessus® Vulnerability Scanner

Date Description
2017-01-05 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10759.nasl - Type : ACT_GATHER_INFO
2016-11-10 Name : The remote host is affected by multiple vulnerabilities.
File : screenos_JSA10759.nasl - Type : ACT_GATHER_INFO
2016-08-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7b1a4a27600a11e6a6c314dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-682.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-15.nasl - Type : ACT_GATHER_INFO
2016-03-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL95463126.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-327.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160309_openssl098e_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2016-0372.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2016-0372.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0372.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0678-1.nasl - Type : ACT_GATHER_INFO
2016-03-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0631-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0624-1.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0641-1.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-289.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-292.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0303.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0304.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0617-1.nasl - Type : ACT_GATHER_INFO
2016-03-02 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0620-1.nasl - Type : ACT_GATHER_INFO
2015-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0800.nasl - Type : ACT_GATHER_INFO
2015-04-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0800.nasl - Type : ACT_GATHER_INFO
2015-04-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0800.nasl - Type : ACT_GATHER_INFO
2015-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0752.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8zf.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0r.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1m.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_2a.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0715.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0716.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0715.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0716.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/83764
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://openssl.org/news/secadv/20160301.txt
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-286720...
https://git.openssl.org/?p=openssl.git;a=commit;h=ae50d8270026edf5b3c7f8aaa0c...
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId...
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://www.openssl.org/news/secadv/20160301.txt
FREEBSD https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
GENTOO https://security.gentoo.org/glsa/201603-15
MISC https://drownattack.com
SECTRACK http://www.securitytracker.com/id/1035133
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html

Alert History

Date Information
2018-08-10 12:05:33
  • Multiple Updates
2018-01-18 21:22:33
  • Multiple Updates
2017-11-21 09:22:01
  • Multiple Updates
2017-09-08 09:23:22
  • Multiple Updates
2017-05-10 09:23:34
  • Multiple Updates
2017-01-06 13:25:36
  • Multiple Updates
2016-12-28 09:22:14
  • Multiple Updates
2016-12-03 09:24:34
  • Multiple Updates
2016-11-29 00:25:45
  • Multiple Updates
2016-11-11 13:25:54
  • Multiple Updates
2016-10-15 09:24:45
  • Multiple Updates
2016-10-12 09:24:09
  • Multiple Updates
2016-10-04 09:24:10
  • Multiple Updates
2016-08-13 13:26:56
  • Multiple Updates
2016-04-27 03:18:12
  • Multiple Updates
2016-04-12 09:25:50
  • Multiple Updates
2016-04-08 13:24:01
  • Multiple Updates
2016-03-22 13:25:56
  • Multiple Updates
2016-03-17 13:23:45
  • Multiple Updates
2016-03-15 13:25:11
  • Multiple Updates
2016-03-14 14:56:04
  • Multiple Updates
2016-03-11 21:26:23
  • Multiple Updates
2016-03-11 13:26:30
  • Multiple Updates
2016-03-10 13:25:20
  • Multiple Updates
2016-03-09 13:25:54
  • Multiple Updates
2016-03-08 13:26:07
  • Multiple Updates
2016-03-05 13:26:43
  • Multiple Updates
2016-03-04 13:26:25
  • Multiple Updates
2016-03-03 13:23:26
  • Multiple Updates
2016-03-02 17:22:48
  • First insertion