CVE-2016-8610high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
References
http://rhn.redhat.com/errata/RHSA-2017-0286.html
http://rhn.redhat.com/errata/RHSA-2017-0574.html
http://rhn.redhat.com/errata/RHSA-2017-1415.html
http://rhn.redhat.com/errata/RHSA-2017-1659.html
http://seclists.org/oss-sec/2016/q4/224
http://www.securityfocus.com/bid/93841
http://www.securitytracker.com/id/1037084
https://access.redhat.com/errata/RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2494
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
https://security.360.cn/cve/CVE-2016-8610/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
https://security.netapp.com/advisory/ntap-20171130-0001/
https://security.paloaltonetworks.com/CVE-2016-8610
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
https://www.debian.org/security/2017/dsa-3773
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Details
Source: MITRE
Published: 2017-11-13
Updated: 2020-10-20
Type: CWE-400
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.0.2 to 1.0.2h (inclusive)
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 4
AND
OR
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
OR
Configuration 5
AND
OR
OR
Configuration 6
OR
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from 11.0 to 11.40 (inclusive)
cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127344 | NewStart CGSL MAIN 4.05 : gnutls Multiple Vulnerabilities (NS-SA-2019-0109) | Nessus | NewStart CGSL Local Security Checks | critical |
| 126046 | SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1) | Nessus | SuSE Local Security Checks | medium |
| 119937 | SUSE SLES11 Security Update : openssl (SUSE-SU-2018:4274-1) | Nessus | SuSE Local Security Checks | medium |
| 119646 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:4068-1) | Nessus | SuSE Local Security Checks | medium |
| 119641 | openSUSE Security Update : compat-openssl098 (openSUSE-2018-1529) | Nessus | SuSE Local Security Checks | medium |
| 119116 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:3864-1) | Nessus | SuSE Local Security Checks | medium |
| 119070 | EulerOS Virtualization 2.5.1 : openssl098e (EulerOS-SA-2018-1379) | Nessus | Huawei Local Security Checks | high |
| 117316 | RHEL 6 : JBoss Core Services (RHSA-2017:1414) | Nessus | Red Hat Local Security Checks | high |
| 117315 | RHEL 7 : JBoss Core Services (RHSA-2017:1413) | Nessus | Red Hat Local Security Checks | high |
| 112177 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801) | Nessus | Red Hat Local Security Checks | critical |
| 107229 | AIX OpenSSL Advisory : openssl_advisory22.asc | Nessus | AIX Local Security Checks | high |
| 106503 | pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03) | Nessus | Firewalls | critical |
| 106093 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1) | Nessus | SuSE Local Security Checks | critical |
| 103925 | Juniper ScreenOS 6.3.x < 6.3.0r24 SSL Death Alert (JSA10808) | Nessus | Firewalls | high |
| 102692 | RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493) | Nessus | Red Hat Local Security Checks | high |
| 101424 | Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2017-0286) | Nessus | Virtuozzo Local Security Checks | high |
| 101164 | Palo Alto Networks PAN-OS 6.1.x < 6.1.18 / 7.0.x < 7.0.17 / 7.1.x < 7.1.12 / 8.0.x < 8.0.3 Multiple Vulnerabilities | Nessus | Palo Alto Local Security Checks | critical |
| 101141 | RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658) | Nessus | Red Hat Local Security Checks | critical |
| 99887 | EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1042) | Nessus | Huawei Local Security Checks | high |
| 99886 | EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1041) | Nessus | Huawei Local Security Checks | high |
| 99885 | EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040) | Nessus | Huawei Local Security Checks | critical |
| 99884 | EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039) | Nessus | Huawei Local Security Checks | critical |
| 99875 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030) | Nessus | Huawei Local Security Checks | high |
| 99874 | EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029) | Nessus | Huawei Local Security Checks | high |
| 99419 | Amazon Linux AMI : gnutls (ALAS-2017-815) | Nessus | Amazon Linux Local Security Checks | critical |
| 99217 | Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20170321) | Nessus | Scientific Linux Local Security Checks | critical |
| 99063 | Oracle Linux 6 : gnutls (ELSA-2017-0574) | Nessus | Oracle Linux Local Security Checks | critical |
| 97951 | CentOS 6 : gnutls (CESA-2017:0574) | Nessus | CentOS Local Security Checks | high |
| 97874 | RHEL 6 : gnutls (RHSA-2017:0574) | Nessus | Red Hat Local Security Checks | critical |
| 97853 | Ubuntu 12.04 LTS / 14.04 LTS : gnutls26 vulnerability (USN-3183-2) | Nessus | Ubuntu Local Security Checks | critical |
| 97555 | Amazon Linux AMI : openssl (ALAS-2017-803) | Nessus | Amazon Linux Local Security Checks | high |
| 97550 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1) | Nessus | SuSE Local Security Checks | critical |
| 97494 | SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1) | Nessus | SuSE Local Security Checks | critical |
| 97316 | OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042) | Nessus | OracleVM Local Security Checks | high |
| 97305 | CentOS 6 / 7 : openssl (CESA-2017:0286) | Nessus | CentOS Local Security Checks | high |
| 97295 | Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220) | Nessus | Scientific Linux Local Security Checks | high |
| 97294 | RHEL 6 / 7 : openssl (RHSA-2017:0286) | Nessus | Red Hat Local Security Checks | high |
| 97293 | Oracle Linux 6 / 7 : openssl (ELSA-2017-0286) | Nessus | Oracle Linux Local Security Checks | high |
| 97275 | openSUSE Security Update : openssl (openSUSE-2017-255) | Nessus | SuSE Local Security Checks | critical |
| 97188 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1) | Nessus | SuSE Local Security Checks | critical |
| 97180 | Fedora 24 : 1:openssl (2017-e853b4144f) | Nessus | Fedora Local Security Checks | high |
| 97054 | Fedora 25 : 1:openssl (2017-3451dbec48) | Nessus | Fedora Local Security Checks | high |
| 97004 | openSUSE Security Update : gnutls (openSUSE-2017-207) | Nessus | SuSE Local Security Checks | critical |
| 96952 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gnutls26, gnutls28 vulnerabilities (USN-3183-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96950 | SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1) | Nessus | SuSE Local Security Checks | critical |
| 96931 | Debian DLA-814-1 : openssl security update | Nessus | Debian Local Security Checks | high |
| 96927 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96870 | SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:0304-1) | Nessus | SuSE Local Security Checks | critical |
| 96842 | Debian DSA-3773-1 : openssl - security update | Nessus | Debian Local Security Checks | high |
| 94492 | FreeBSD : FreeBSD -- OpenSSL Remote DoS vulnerability (0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | high |
| 9628 | OpenSSL 1.1.0 < 1.1.0b Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
| 9627 | OpenSSL 1.0.2 < 1.0.2j Multiple DoS | Nessus Network Monitor | Web Servers | medium |