CVE-2016-8610

HIGH

Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

References

http://rhn.redhat.com/errata/RHSA-2017-0286.html

http://rhn.redhat.com/errata/RHSA-2017-0574.html

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://seclists.org/oss-sec/2016/q4/224

http://www.securityfocus.com/bid/93841

http://www.securitytracker.com/id/1037084

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1658

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:2493

https://access.redhat.com/errata/RHSA-2017:2494

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401

https://security.360.cn/cve/CVE-2016-8610/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc

https://security.netapp.com/advisory/ntap-20171130-0001/

https://security.paloaltonetworks.com/CVE-2016-8610

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us

https://www.debian.org/security/2017/dsa-3773

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2017-11-13

Updated: 2020-10-20

Type: CWE-400

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.0.2 to 1.0.2h (inclusive)

cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from 11.0 to 11.40 (inclusive)

cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*

cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127344 | NewStart CGSL MAIN 4.05 : gnutls Multiple Vulnerabilities (NS-SA-2019-0109) | Nessus | NewStart CGSL Local Security Checks | critical |
| 126046 | SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1) | Nessus | SuSE Local Security Checks | medium |
| 119937 | SUSE SLES11 Security Update : openssl (SUSE-SU-2018:4274-1) | Nessus | SuSE Local Security Checks | medium |
| 119646 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:4068-1) | Nessus | SuSE Local Security Checks | medium |
| 119641 | openSUSE Security Update : compat-openssl098 (openSUSE-2018-1529) | Nessus | SuSE Local Security Checks | medium |
| 119116 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:3864-1) | Nessus | SuSE Local Security Checks | medium |
| 119070 | EulerOS Virtualization 2.5.1 : openssl098e (EulerOS-SA-2018-1379) | Nessus | Huawei Local Security Checks | high |
| 117316 | RHEL 6 : JBoss Core Services (RHSA-2017:1414) | Nessus | Red Hat Local Security Checks | high |
| 117315 | RHEL 7 : JBoss Core Services (RHSA-2017:1413) | Nessus | Red Hat Local Security Checks | high |
| 112177 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801) | Nessus | Red Hat Local Security Checks | critical |
| 107229 | AIX OpenSSL Advisory : openssl_advisory22.asc | Nessus | AIX Local Security Checks | high |
| 106503 | pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03) | Nessus | Firewalls | critical |
| 106093 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1) | Nessus | SuSE Local Security Checks | critical |
| 103925 | Juniper ScreenOS 6.3.x < 6.3.0r24 SSL Death Alert (JSA10808) | Nessus | Firewalls | high |
| 102692 | RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493) | Nessus | Red Hat Local Security Checks | high |
| 101424 | Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2017-0286) | Nessus | Virtuozzo Local Security Checks | high |
| 101164 | Palo Alto Networks PAN-OS 6.1.x < 6.1.18 / 7.0.x < 7.0.17 / 7.1.x < 7.1.12 / 8.0.x < 8.0.3 Multiple Vulnerabilities | Nessus | Palo Alto Local Security Checks | critical |
| 101141 | RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658) | Nessus | Red Hat Local Security Checks | critical |
| 99887 | EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1042) | Nessus | Huawei Local Security Checks | high |
| 99886 | EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1041) | Nessus | Huawei Local Security Checks | high |
| 99885 | EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040) | Nessus | Huawei Local Security Checks | critical |
| 99884 | EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039) | Nessus | Huawei Local Security Checks | critical |
| 99875 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030) | Nessus | Huawei Local Security Checks | high |
| 99874 | EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029) | Nessus | Huawei Local Security Checks | high |
| 99419 | Amazon Linux AMI : gnutls (ALAS-2017-815) | Nessus | Amazon Linux Local Security Checks | critical |
| 99217 | Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20170321) | Nessus | Scientific Linux Local Security Checks | critical |
| 99063 | Oracle Linux 6 : gnutls (ELSA-2017-0574) | Nessus | Oracle Linux Local Security Checks | critical |
| 97951 | CentOS 6 : gnutls (CESA-2017:0574) | Nessus | CentOS Local Security Checks | high |
| 97874 | RHEL 6 : gnutls (RHSA-2017:0574) | Nessus | Red Hat Local Security Checks | critical |
| 97853 | Ubuntu 12.04 LTS / 14.04 LTS : gnutls26 vulnerability (USN-3183-2) | Nessus | Ubuntu Local Security Checks | critical |
| 97555 | Amazon Linux AMI : openssl (ALAS-2017-803) | Nessus | Amazon Linux Local Security Checks | high |
| 97550 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1) | Nessus | SuSE Local Security Checks | critical |
| 97494 | SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1) | Nessus | SuSE Local Security Checks | critical |
| 97316 | OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042) | Nessus | OracleVM Local Security Checks | high |
| 97305 | CentOS 6 / 7 : openssl (CESA-2017:0286) | Nessus | CentOS Local Security Checks | high |
| 97295 | Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220) | Nessus | Scientific Linux Local Security Checks | high |
| 97294 | RHEL 6 / 7 : openssl (RHSA-2017:0286) | Nessus | Red Hat Local Security Checks | high |
| 97293 | Oracle Linux 6 / 7 : openssl (ELSA-2017-0286) | Nessus | Oracle Linux Local Security Checks | high |
| 97275 | openSUSE Security Update : openssl (openSUSE-2017-255) | Nessus | SuSE Local Security Checks | critical |
| 97188 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1) | Nessus | SuSE Local Security Checks | critical |
| 97180 | Fedora 24 : 1:openssl (2017-e853b4144f) | Nessus | Fedora Local Security Checks | high |
| 97054 | Fedora 25 : 1:openssl (2017-3451dbec48) | Nessus | Fedora Local Security Checks | high |
| 97004 | openSUSE Security Update : gnutls (openSUSE-2017-207) | Nessus | SuSE Local Security Checks | critical |
| 96952 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gnutls26, gnutls28 vulnerabilities (USN-3183-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96950 | SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1) | Nessus | SuSE Local Security Checks | critical |
| 96931 | Debian DLA-814-1 : openssl security update | Nessus | Debian Local Security Checks | high |
| 96927 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96870 | SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:0304-1) | Nessus | SuSE Local Security Checks | critical |
| 96842 | Debian DSA-3773-1 : openssl - security update | Nessus | Debian Local Security Checks | high |
| 94492 | FreeBSD : FreeBSD -- OpenSSL Remote DoS vulnerability (0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | high |
| 9628 | OpenSSL 1.1.0 < 1.1.0b Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
| 9627 | OpenSSL 1.0.2 < 1.0.2j Multiple DoS | Nessus Network Monitor | Web Servers | medium |