CVE-2016-0704
Published on: 03/02/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:13 PM UTC
Certain versions of OpenSSL from the OpenSSL project contain the following vulnerability:
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
- CVE-2016-0704 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.9 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | HIGH | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | NONE | NONE |
CVE References
Description | Tags | Link |
---|---|---|
Oracle Solaris Bulletin - April 2016 | | www.oracle.com text/html |
[security-announce] openSUSE-SU-2016:0637-1: important: Security update | | lists.opensuse.org text/html |
[security-announce] SUSE-SU-2016:0617-1: important: Security update for | | lists.opensuse.org text/html |
[security-announce] openSUSE-SU-2016:0720-1: important: Security update | | lists.opensuse.org text/html |
git.openssl.org Git - openssl.git/commit | | git.openssl.org text/xml |
[security-announce] SUSE-SU-2016:0624-1: important: Security update for | | lists.opensuse.org text/html |
[security-announce] SUSE-SU-2016:0620-1: important: Security update for | | lists.opensuse.org text/html |
OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases - SecurityTracker | | www.securitytracker.com text/html |
OpenSSL: Multiple vulnerabilities (GLSA 201603-15) — Gentoo Security | | security.gentoo.org text/html |
HPE Support document - HPE Support Center | | h20566.www2.hpe.com text/html |
 | | www.openssl.org text/plain |
DROWN Attack | | drownattack.com text/html |
Oracle Critical Patch Update - January 2018 | | www.oracle.com text/html |
OpenSSL CVE-2016-0704 Information Disclosure Vulnerability | | cve.report (archive) text/html |
[security-announce] SUSE-SU-2016:1057-1: important: Security update for | | lists.opensuse.org text/html |
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 | | tools.cisco.com text/html |
[security-announce] openSUSE-SU-2016:0638-1: important: Security update | | lists.opensuse.org text/html |
[security-announce] SUSE-SU-2016:0678-1: important: Security update for | | lists.opensuse.org text/html |
 | Vendor Advisory | openssl.org text/plain |
[security-announce] openSUSE-SU-2016:0628-1: important: Security update | | lists.opensuse.org text/html |
[security-announce] SUSE-SU-2016:0631-1: important: Security update for | | lists.opensuse.org text/html |
[security-announce] SUSE-SU-2016:0641-1: important: Security update for | | lists.opensuse.org text/html |
Oracle Linux Bulletin - January 2016 | | www.oracle.com text/html |
 | | security.FreeBSD.org text/plain |
[security-announce] SUSE-SU-2016:0621-1: important: Security update for | | lists.opensuse.org text/html |
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates | | kb.juniper.net text/html |
Public KB - SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory | | kb.pulsesecure.net text/html |
Oracle Solaris Bulletin - January 2016 | | www.oracle.com text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Openssl | Openssl | 1.0.0 | All | All | All |
Application | Openssl | Openssl | 1.0.0 | beta1 | All | All |
Application | Openssl | Openssl | 1.0.0 | beta2 | All | All |
Application | Openssl | Openssl | 1.0.0 | beta3 | All | All |
Application | Openssl | Openssl | 1.0.0 | beta4 | All | All |
Application | Openssl | Openssl | 1.0.0 | beta5 | All | All |
Application | Openssl | Openssl | 1.0.0a | All | All | All |
Application | Openssl | Openssl | 1.0.0b | All | All | All |
Application | Openssl | Openssl | 1.0.0c | All | All | All |
Application | Openssl | Openssl | 1.0.0d | All | All | All |
Application | Openssl | Openssl | 1.0.0e | All | All | All |
Application | Openssl | Openssl | 1.0.0f | All | All | All |
Application | Openssl | Openssl | 1.0.0g | All | All | All |
Application | Openssl | Openssl | 1.0.0h | All | All | All |
Application | Openssl | Openssl | 1.0.0i | All | All | All |
Application | Openssl | Openssl | 1.0.0j | All | All | All |
Application | Openssl | Openssl | 1.0.0k | All | All | All |
Application | Openssl | Openssl | 1.0.0l | All | All | All |
Application | Openssl | Openssl | 1.0.0m | All | All | All |
Application | Openssl | Openssl | 1.0.0n | All | All | All |
Application | Openssl | Openssl | 1.0.0o | All | All | All |
Application | Openssl | Openssl | 1.0.0p | All | All | All |
Application | Openssl | Openssl | 1.0.0q | All | All | All |
Application | Openssl | Openssl | 1.0.1 | All | All | All |
Application | Openssl | Openssl | 1.0.1 | beta1 | All | All |
Application | Openssl | Openssl | 1.0.1 | beta2 | All | All |
Application | Openssl | Openssl | 1.0.1 | beta3 | All | All |
Application | Openssl | Openssl | 1.0.1a | All | All | All |
Application | Openssl | Openssl | 1.0.1b | All | All | All |
Application | Openssl | Openssl | 1.0.1c | All | All | All |
Application | Openssl | Openssl | 1.0.1d | All | All | All |
Application | Openssl | Openssl | 1.0.1e | All | All | All |
Application | Openssl | Openssl | 1.0.1f | All | All | All |
Application | Openssl | Openssl | 1.0.1g | All | All | All |
Application | Openssl | Openssl | 1.0.1h | All | All | All |
Application | Openssl | Openssl | 1.0.1i | All | All | All |
Application | Openssl | Openssl | 1.0.1j | All | All | All |
Application | Openssl | Openssl | 1.0.1k | All | All | All |
Application | Openssl | Openssl | 1.0.1l | All | All | All |
Application | Openssl | Openssl | 1.0.2 | All | All | All |
Application | Openssl | Openssl | 1.0.2 | beta1 | All | All |
Application | Openssl | Openssl | 1.0.2 | beta2 | All | All |
Application | Openssl | Openssl | 1.0.2 | beta3 | All | All |
Application | Openssl | Openssl | All | All | All | All |
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE