CVE-2016-0703

Published on: 03/02/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of OpenSSL contain the following vulnerability:

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

  • CVE-2016-0703 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

CVE References

  • Oracle Solaris Bulletin - April 2016 (www.oracle.com). CONFIRM: www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  • [security-announce] openSUSE-SU-2016:0637-1: important: Security update (lists.opensuse.org). SUSE: openSUSE-SU-2016:0637
  • [security-announce] SUSE-SU-2016:0617-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0617
  • [security-announce] openSUSE-SU-2016:0720-1: important: Security update (lists.opensuse.org). SUSE: openSUSE-SU-2016:0720
  • git.openssl.org Git - openssl.git/commit (git.openssl.org). CONFIRM: git.openssl.org/?p=openssl.git;a=commit;h=ae50d8270026edf5b3c7f8aaa0c6677462b33d97
  • [security-announce] SUSE-SU-2016:0624-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0624
  • [security-announce] SUSE-SU-2016:0620-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0620
  • OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases - SecurityTracker (www.securitytracker.com). SECTRACK: 1035133
  • OpenSSL: Multiple vulnerabilities (GLSA 201603-15) — Gentoo Security (security.gentoo.org). GENTOO: GLSA-201603-15
  • HPE Support document - HPE Support Center (h20566.www2.hpe.com). CONFIRM: h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
  • www.openssl.org. CONFIRM: www.openssl.org/news/secadv/20160301.txt
  • DROWN Attack (drownattack.com). MISC: drownattack.com
  • Oracle Critical Patch Update - January 2018 (www.oracle.com). CONFIRM: www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
  • [security-announce] SUSE-SU-2016:1057-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:1057
  • Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 (tools.cisco.com). CISCO: 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
  • [security-announce] openSUSE-SU-2016:0638-1: important: Security update (lists.opensuse.org). SUSE: openSUSE-SU-2016:0638
  • [security-announce] SUSE-SU-2016:0678-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0678
  • openssl.org (Vendor Advisory). CONFIRM: openssl.org/news/secadv/20160301.txt
  • [security-announce] openSUSE-SU-2016:0628-1: important: Security update (lists.opensuse.org). SUSE: openSUSE-SU-2016:0628
  • [security-announce] SUSE-SU-2016:0631-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0631
  • HPE Support document - HPE Support Center (h20566.www2.hpe.com). CONFIRM: h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
  • [security-announce] SUSE-SU-2016:0641-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0641
  • Oracle Linux Bulletin - January 2016 (www.oracle.com). CONFIRM: www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  • security.FreeBSD.org. FREEBSD: FreeBSD-SA-16:12
  • [security-announce] SUSE-SU-2016:0621-1: important: Security update for (lists.opensuse.org). SUSE: SUSE-SU-2016:0621
  • OpenSSL CVE-2016-0703 Information Disclosure Vulnerability (cve.report (archive)). BID: 83743
  • Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates (kb.juniper.net). CONFIRM: kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
  • Public KB - SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory (kb.pulsesecure.net). CONFIRM: kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
  • Oracle Solaris Bulletin - January 2016 (www.oracle.com). CONFIRM: www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Openssl Openssl 1.0.0 All All All
Application Openssl Openssl 1.0.0 beta1 All All
Application Openssl Openssl 1.0.0 beta2 All All
Application Openssl Openssl 1.0.0 beta3 All All
Application Openssl Openssl 1.0.0 beta4 All All
Application Openssl Openssl 1.0.0 beta5 All All
Application Openssl Openssl 1.0.0a All All All
Application Openssl Openssl 1.0.0b All All All
Application Openssl Openssl 1.0.0c All All All
Application Openssl Openssl 1.0.0d All All All
Application Openssl Openssl 1.0.0e All All All
Application Openssl Openssl 1.0.0f All All All
Application Openssl Openssl 1.0.0g All All All
Application Openssl Openssl 1.0.0h All All All
Application Openssl Openssl 1.0.0i All All All
Application Openssl Openssl 1.0.0j All All All
Application Openssl Openssl 1.0.0k All All All
Application Openssl Openssl 1.0.0l All All All
Application Openssl Openssl 1.0.0m All All All
Application Openssl Openssl 1.0.0n All All All
Application Openssl Openssl 1.0.0o All All All
Application Openssl Openssl 1.0.0p All All All
Application Openssl Openssl 1.0.0q All All All
Application Openssl Openssl 1.0.1 All All All
Application Openssl Openssl 1.0.1 beta1 All All
Application Openssl Openssl 1.0.1 beta2 All All
Application Openssl Openssl 1.0.1 beta3 All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl 1.0.1h All All All
Application Openssl Openssl 1.0.1i All All All
Application Openssl Openssl 1.0.1j All All All
Application Openssl Openssl 1.0.1k All All All
Application Openssl Openssl 1.0.1l All All All
Application Openssl Openssl 1.0.2 All All All
Application Openssl Openssl 1.0.2 beta1 All All
Application Openssl Openssl 1.0.2 beta2 All All
Application Openssl Openssl 1.0.2 beta3 All All
Application Openssl Openssl All All All All
  • cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*: