CVE-2016-0800

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

http://marc.info/?l=bugtraq&m=145983526810210&w=2

http://marc.info/?l=bugtraq&m=146108058503441&w=2

http://marc.info/?l=bugtraq&m=146133665209436&w=2

http://rhn.redhat.com/errata/RHSA-2016-1519.html

http://support.citrix.com/article/CTX208403

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/83733

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035133

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf

https://access.redhat.com/security/vulnerabilities/drown

https://drownattack.com

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168

https://kc.mcafee.com/corporate/index?page=content&id=SB10154

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc

https://security.gentoo.org/glsa/201603-15

https://security.netapp.com/advisory/ntap-20160301-0001/

https://www.kb.cert.org/vuls/id/583776

https://www.openssl.org/news/secadv/20160301.txt

Details

Source: MITRE

Published: 2016-03-01

Updated: 2018-11-30

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:*

cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:*

Tenable Plugins

View all (53 total)

IDNameProductFamilySeverity
107060Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)NessusMisc.
medium
106499pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)NessusFirewalls
critical
100180F5 Networks BIG-IP : OpenSSL vulnerability (K23196136) (DROWN)NessusF5 Networks Local Security Checks
medium
99885EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)NessusHuawei Local Security Checks
critical
99884EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)NessusHuawei Local Security Checks
critical
94679Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)NessusFirewalls
critical
92921FreeBSD : FreeBSD -- Multiple OpenSSL vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) (DROWN)NessusFreeBSD Local Security Checks
critical
91068openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-563) (DROWN)NessusSuSE Local Security Checks
critical
90834Oracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN)NessusDatabases
critical
90832Oracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) (DROWN)NessusDatabases
critical
90705Splunk Enterprise < 5.0.15 / 6.0.11 / 6.1.10 / 6.2.9 / 6.3.3.4 or Splunk Light < 6.2.9 / 6.3.3.4 Multiple Vulnerabilities (DROWN)NessusCGI abuses
critical
90684MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)NessusDatabases
critical
90683MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (DROWN)NessusDatabases
critical
90448AIX OpenSSL Advisory : openssl_advisory18.asc / openssl_advisory19.asc (DROWN)NessusAIX Local Security Checks
critical
90364Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)NessusAmazon Linux Local Security Checks
medium
90053GLSA-201603-15 : OpenSSL: Multiple vulnerabilities (DROWN)NessusGentoo Local Security Checks
critical
89945F5 Networks BIG-IP : OpenSSL vulnerabilities (SOL95463126) (DROWN)NessusF5 Networks Local Security Checks
medium
89910openSUSE Security Update : openssl (openSUSE-2016-327) (DROWN)NessusSuSE Local Security Checks
critical
89842Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)NessusAmazon Linux Local Security Checks
critical
89825Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)NessusScientific Linux Local Security Checks
medium
89819RHEL 6 : rhev-hypervisor (RHSA-2016:0379) (DROWN)NessusRed Hat Local Security Checks
critical
89773RHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)NessusRed Hat Local Security Checks
medium
89770Oracle Linux 6 / 7 : openssl098e (ELSA-2016-0372) (DROWN)NessusOracle Linux Local Security Checks
medium
89762CentOS 6 / 7 : openssl098e (CESA-2016:0372) (DROWN)NessusCentOS Local Security Checks
medium
89731SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)NessusSuSE Local Security Checks
critical
89722SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)NessusSuSE Local Security Checks
critical
801963OpenSSL 1.0.1 < 1.0.1s / 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN)Log Correlation EngineWeb Servers
medium
801962SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)Log Correlation EngineWeb Servers
medium
89658SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0641-1) (DROWN)NessusSuSE Local Security Checks
critical
89655SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2016:0624-1) (DROWN)NessusSuSE Local Security Checks
critical
89651openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)NessusSuSE Local Security Checks
critical
89092openSUSE Security Update : openssl (openSUSE-2016-292) (DROWN)NessusSuSE Local Security Checks
critical
89091openSUSE Security Update : openssl (openSUSE-2016-289) (DROWN)NessusSuSE Local Security Checks
critical
89090openSUSE Security Update : openssl (openSUSE-2016-288) (DROWN)NessusSuSE Local Security Checks
critical
89085Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2016-062-02) (DROWN)NessusSlackware Local Security Checks
critical
89082OpenSSL 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN)NessusWeb Servers
critical
89081OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities (DROWN)NessusWeb Servers
critical
89077SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN)NessusSuSE Local Security Checks
critical
89076SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN)NessusSuSE Local Security Checks
critical
89075Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160301) (DROWN)NessusScientific Linux Local Security Checks
critical
89074Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20160301) (DROWN)NessusScientific Linux Local Security Checks
high
89071RHEL 6 / 7 : openssl (RHSA-2016:0305) (DROWN)NessusRed Hat Local Security Checks
medium
89070RHEL 5 : openssl (RHSA-2016:0304) (DROWN)NessusRed Hat Local Security Checks
medium
89069RHEL 6 : openssl (RHSA-2016:0303) (DROWN)NessusRed Hat Local Security Checks
medium
89068RHEL 5 : openssl (RHSA-2016:0302) (DROWN)NessusRed Hat Local Security Checks
high
89067RHEL 6 / 7 : openssl (RHSA-2016:0301) (DROWN)NessusRed Hat Local Security Checks
critical
89065Oracle Linux 5 : openssl (ELSA-2016-0302) (DROWN)NessusOracle Linux Local Security Checks
high
89064Oracle Linux 6 / 7 : openssl (ELSA-2016-0301) (DROWN)NessusOracle Linux Local Security Checks
critical
89060CentOS 5 : openssl (CESA-2016:0302) (DROWN)NessusCentOS Local Security Checks
high
89059CentOS 6 / 7 : openssl (CESA-2016:0301) (DROWN)NessusCentOS Local Security Checks
critical
9128OpenSSL 1.0.1 < 1.0.1s / 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN)Nessus Network MonitorWeb Servers
medium
9127SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)Nessus Network MonitorGeneric
medium
89058SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)NessusMisc.
medium