CVE-2016-8610

MEDIUM

Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

References

http://rhn.redhat.com/errata/RHSA-2017-0286.html

http://rhn.redhat.com/errata/RHSA-2017-0574.html

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://seclists.org/oss-sec/2016/q4/224

http://www.securityfocus.com/bid/93841

http://www.securitytracker.com/id/1037084

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1658

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:2493

https://access.redhat.com/errata/RHSA-2017:2494

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401

https://security.360.cn/cve/CVE-2016-8610/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc

https://security.netapp.com/advisory/ntap-20171130-0001/

https://securityadvisories.paloaltonetworks.com/Home/Detail/87

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us

https://www.debian.org/security/2017/dsa-3773

Details

Source: MITRE

Published: 2017-11-13

Updated: 2018-10-02

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*

Tenable Plugins

View all (50 total)

ID	Name	Product	Family	Severity
119937	SUSE SLES11 Security Update : openssl (SUSE-SU-2018:4274-1)	Nessus	SuSE Local Security Checks	medium
119646	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:4068-1)	Nessus	SuSE Local Security Checks	medium
119641	openSUSE Security Update : compat-openssl098 (openSUSE-2018-1529)	Nessus	SuSE Local Security Checks	medium
119116	SUSE SLES12 Security Update : openssl (SUSE-SU-2018:3864-1)	Nessus	SuSE Local Security Checks	medium
119070	EulerOS Virtualization 2.5.1 : openssl098e (EulerOS-SA-2018-1379)	Nessus	Huawei Local Security Checks	medium
117316	RHEL 6 : JBoss Core Services (RHSA-2017:1414)	Nessus	Red Hat Local Security Checks	high
117315	RHEL 7 : JBoss Core Services (RHSA-2017:1413)	Nessus	Red Hat Local Security Checks	high
112177	RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)	Nessus	Red Hat Local Security Checks	high
107229	AIX OpenSSL Advisory : openssl_advisory22.asc	Nessus	AIX Local Security Checks	high
106503	pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03)	Nessus	Firewalls	high
106093	SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)	Nessus	SuSE Local Security Checks	critical
103925	Juniper ScreenOS 6.3.x < 6.3.0r24 SSL Death Alert (JSA10808)	Nessus	Firewalls	high
102692	RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)	Nessus	Red Hat Local Security Checks	high
101424	Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2017-0286)	Nessus	Virtuozzo Local Security Checks	medium
101164	Palo Alto Networks PAN-OS 6.1.x < 6.1.18 / 7.0.x < 7.0.17 / 7.1.x < 7.1.12 / 8.0.x < 8.0.3 Multiple Vulnerabilities	Nessus	Palo Alto Local Security Checks	critical
101141	RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658)	Nessus	Red Hat Local Security Checks	high
99887	EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1042)	Nessus	Huawei Local Security Checks	medium
99886	EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1041)	Nessus	Huawei Local Security Checks	medium
99885	EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)	Nessus	Huawei Local Security Checks	high
99884	EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)	Nessus	Huawei Local Security Checks	high
99875	EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030)	Nessus	Huawei Local Security Checks	medium
99874	EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)	Nessus	Huawei Local Security Checks	medium
99419	Amazon Linux AMI : gnutls (ALAS-2017-815)	Nessus	Amazon Linux Local Security Checks	high
99217	Scientific Linux Security Update : gnutls on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
99063	Oracle Linux 6 : gnutls (ELSA-2017-0574)	Nessus	Oracle Linux Local Security Checks	high
97951	CentOS 6 : gnutls (CESA-2017:0574)	Nessus	CentOS Local Security Checks	high
97874	RHEL 6 : gnutls (RHSA-2017:0574)	Nessus	Red Hat Local Security Checks	high
97853	Ubuntu 12.04 LTS / 14.04 LTS : gnutls26 vulnerability (USN-3183-2)	Nessus	Ubuntu Local Security Checks	high
97555	Amazon Linux AMI : openssl (ALAS-2017-803)	Nessus	Amazon Linux Local Security Checks	medium
97550	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)	Nessus	SuSE Local Security Checks	critical
97494	SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)	Nessus	SuSE Local Security Checks	critical
97316	OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042)	Nessus	OracleVM Local Security Checks	medium
97305	CentOS 6 / 7 : openssl (CESA-2017:0286)	Nessus	CentOS Local Security Checks	medium
97295	Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
97294	RHEL 6 / 7 : openssl (RHSA-2017:0286)	Nessus	Red Hat Local Security Checks	medium
97293	Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)	Nessus	Oracle Linux Local Security Checks	medium
97275	openSUSE Security Update : openssl (openSUSE-2017-255)	Nessus	SuSE Local Security Checks	critical
97188	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)	Nessus	SuSE Local Security Checks	critical
97180	Fedora 24 : 1:openssl (2017-e853b4144f)	Nessus	Fedora Local Security Checks	medium
97054	Fedora 25 : 1:openssl (2017-3451dbec48)	Nessus	Fedora Local Security Checks	medium
97004	openSUSE Security Update : gnutls (openSUSE-2017-207)	Nessus	SuSE Local Security Checks	high
96952	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gnutls26, gnutls28 vulnerabilities (USN-3183-1)	Nessus	Ubuntu Local Security Checks	high
96950	SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1)	Nessus	SuSE Local Security Checks	high
96931	Debian DLA-814-1 : openssl security update	Nessus	Debian Local Security Checks	medium
96927	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)	Nessus	Ubuntu Local Security Checks	high
96870	SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:0304-1)	Nessus	SuSE Local Security Checks	high
96842	Debian DSA-3773-1 : openssl - security update	Nessus	Debian Local Security Checks	medium
94492	FreeBSD : FreeBSD -- OpenSSL Remote DoS vulnerability (0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	medium
9628	OpenSSL 1.1.0 < 1.1.0b Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	critical
9627	OpenSSL 1.0.2 < 1.0.2j Multiple DoS	Nessus Network Monitor	Web Servers	medium