CVE-2016-0704

Published on: 03/02/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVE-2016-0704

Source: Mitre
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of Openssl from Openssl contain the following vulnerability:

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

  • CVE-2016-0704 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH NONE NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Oracle Solaris Bulletin - April 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
[security-announce] openSUSE-SU-2016:0637-1: important: Security update lists.opensuse.org
text/html
 URL Logo SUSE openSUSE-SU-2016:0637
[security-announce] SUSE-SU-2016:0617-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0617
[security-announce] openSUSE-SU-2016:0720-1: important: Security update lists.opensuse.org
text/html
 URL Logo SUSE openSUSE-SU-2016:0720
git.openssl.org Git - openssl.git/commit git.openssl.org
text/xml
 URL Logo CONFIRM git.openssl.org/?p=openssl.git;a=commit;h=ae50d8270026edf5b3c7f8aaa0c6677462b33d97
[security-announce] SUSE-SU-2016:0624-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0624
[security-announce] SUSE-SU-2016:0620-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0620
OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases - SecurityTracker www.securitytracker.com
text/html
 URL Logo SECTRACK 1035133
OpenSSL: Multiple vulnerabilities (GLSA 201603-15) — Gentoo Security security.gentoo.org
text/html
 URL Logo GENTOO GLSA-201603-15
HPE Support document - HPE Support Center h20566.www2.hpe.com
text/html
 URL Logo CONFIRM h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
www.openssl.org
text/plain
 CONFIRM www.openssl.org/news/secadv/20160301.txt
DROWN Attack drownattack.com
text/html
 URL Logo MISC drownattack.com
Oracle Critical Patch Update - January 2018 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
OpenSSL CVE-2016-0704 Information Disclosure Vulnerability cve.report (archive)
text/html
 URL Logo BID 83764
[security-announce] SUSE-SU-2016:1057-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:1057
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 tools.cisco.com
text/html
 URL Logo CISCO 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
[security-announce] openSUSE-SU-2016:0638-1: important: Security update lists.opensuse.org
text/html
 URL Logo SUSE openSUSE-SU-2016:0638
[security-announce] SUSE-SU-2016:0678-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0678
Vendor Advisory
openssl.org
text/plain
 CONFIRM openssl.org/news/secadv/20160301.txt
[security-announce] openSUSE-SU-2016:0628-1: important: Security update lists.opensuse.org
text/html
 URL Logo SUSE openSUSE-SU-2016:0628
[security-announce] SUSE-SU-2016:0631-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0631
[security-announce] SUSE-SU-2016:0641-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0641
Oracle Linux Bulletin - January 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
security.FreeBSD.org
text/plain
 FREEBSD FreeBSD-SA-16:12
[security-announce] SUSE-SU-2016:0621-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:0621
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates kb.juniper.net
text/html
 URL Logo CONFIRM kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Public KB - SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory kb.pulsesecure.net
text/html
 URL Logo CONFIRM kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
Oracle Solaris Bulletin - January 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOpensslOpenssl1.0.0AllAllAll
ApplicationOpensslOpenssl1.0.0beta1AllAll
ApplicationOpensslOpenssl1.0.0beta2AllAll
ApplicationOpensslOpenssl1.0.0beta3AllAll
ApplicationOpensslOpenssl1.0.0beta4AllAll
ApplicationOpensslOpenssl1.0.0beta5AllAll
ApplicationOpensslOpenssl1.0.0aAllAllAll
ApplicationOpensslOpenssl1.0.0bAllAllAll
ApplicationOpensslOpenssl1.0.0cAllAllAll
ApplicationOpensslOpenssl1.0.0dAllAllAll
ApplicationOpensslOpenssl1.0.0eAllAllAll
ApplicationOpensslOpenssl1.0.0fAllAllAll
ApplicationOpensslOpenssl1.0.0gAllAllAll
ApplicationOpensslOpenssl1.0.0hAllAllAll
ApplicationOpensslOpenssl1.0.0iAllAllAll
ApplicationOpensslOpenssl1.0.0jAllAllAll
ApplicationOpensslOpenssl1.0.0kAllAllAll
ApplicationOpensslOpenssl1.0.0lAllAllAll
ApplicationOpensslOpenssl1.0.0mAllAllAll
ApplicationOpensslOpenssl1.0.0nAllAllAll
ApplicationOpensslOpenssl1.0.0oAllAllAll
ApplicationOpensslOpenssl1.0.0pAllAllAll
ApplicationOpensslOpenssl1.0.0qAllAllAll
ApplicationOpensslOpenssl1.0.1AllAllAll
ApplicationOpensslOpenssl1.0.1beta1AllAll
ApplicationOpensslOpenssl1.0.1beta2AllAll
ApplicationOpensslOpenssl1.0.1beta3AllAll
ApplicationOpensslOpenssl1.0.1aAllAllAll
ApplicationOpensslOpenssl1.0.1bAllAllAll
ApplicationOpensslOpenssl1.0.1cAllAllAll
ApplicationOpensslOpenssl1.0.1dAllAllAll
ApplicationOpensslOpenssl1.0.1eAllAllAll
ApplicationOpensslOpenssl1.0.1fAllAllAll
ApplicationOpensslOpenssl1.0.1gAllAllAll
ApplicationOpensslOpenssl1.0.1hAllAllAll
ApplicationOpensslOpenssl1.0.1iAllAllAll
ApplicationOpensslOpenssl1.0.1jAllAllAll
ApplicationOpensslOpenssl1.0.1kAllAllAll
ApplicationOpensslOpenssl1.0.1lAllAllAll
ApplicationOpensslOpenssl1.0.2AllAllAll
ApplicationOpensslOpenssl1.0.2beta1AllAll
ApplicationOpensslOpenssl1.0.2beta2AllAll
ApplicationOpensslOpenssl1.0.2beta3AllAll
ApplicationOpensslOpensslAllAllAllAll
ApplicationOpensslOpenssl1.0.0AllAllAll
ApplicationOpensslOpenssl1.0.0beta1AllAll
ApplicationOpensslOpenssl1.0.0beta2AllAll
ApplicationOpensslOpenssl1.0.0beta3AllAll
ApplicationOpensslOpenssl1.0.0beta4AllAll
ApplicationOpensslOpenssl1.0.0beta5AllAll
ApplicationOpensslOpenssl1.0.0aAllAllAll
ApplicationOpensslOpenssl1.0.0bAllAllAll
ApplicationOpensslOpenssl1.0.0cAllAllAll
ApplicationOpensslOpenssl1.0.0dAllAllAll
ApplicationOpensslOpenssl1.0.0eAllAllAll
ApplicationOpensslOpenssl1.0.0fAllAllAll
ApplicationOpensslOpenssl1.0.0gAllAllAll
ApplicationOpensslOpenssl1.0.0hAllAllAll
ApplicationOpensslOpenssl1.0.0iAllAllAll
ApplicationOpensslOpenssl1.0.0jAllAllAll
ApplicationOpensslOpenssl1.0.0kAllAllAll
ApplicationOpensslOpenssl1.0.0lAllAllAll
ApplicationOpensslOpenssl1.0.0mAllAllAll
ApplicationOpensslOpenssl1.0.0nAllAllAll
ApplicationOpensslOpenssl1.0.0oAllAllAll
ApplicationOpensslOpenssl1.0.0pAllAllAll
ApplicationOpensslOpenssl1.0.0qAllAllAll
ApplicationOpensslOpenssl1.0.1AllAllAll
ApplicationOpensslOpenssl1.0.1beta1AllAll
ApplicationOpensslOpenssl1.0.1beta2AllAll
ApplicationOpensslOpenssl1.0.1beta3AllAll
ApplicationOpensslOpenssl1.0.1aAllAllAll
ApplicationOpensslOpenssl1.0.1bAllAllAll
ApplicationOpensslOpenssl1.0.1cAllAllAll
ApplicationOpensslOpenssl1.0.1dAllAllAll
ApplicationOpensslOpenssl1.0.1eAllAllAll
ApplicationOpensslOpenssl1.0.1fAllAllAll
ApplicationOpensslOpenssl1.0.1gAllAllAll
ApplicationOpensslOpenssl1.0.1hAllAllAll
ApplicationOpensslOpenssl1.0.1iAllAllAll
ApplicationOpensslOpenssl1.0.1jAllAllAll
ApplicationOpensslOpenssl1.0.1kAllAllAll
ApplicationOpensslOpenssl1.0.1lAllAllAll
ApplicationOpensslOpenssl1.0.2AllAllAll
ApplicationOpensslOpenssl1.0.2beta1AllAll
ApplicationOpensslOpenssl1.0.2beta2AllAll
ApplicationOpensslOpenssl1.0.2beta3AllAll
  • cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*: