CVE-2016-0800 - Vulnerability Details

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl
Pulsesecure	Client Steel Belted Radius
Redhat	Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server Jboss Operations Network Rhel Aus Rhel Els Rhel Eus Rhel Mission Critical

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::
	cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::
	cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::
	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1j:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1k:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1l:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1m:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1n:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1o:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1p:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1q:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1r:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
	cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
	cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
	cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2f:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:pulsesecure:client:-:::::iphone_os::
	cpe:2.3:a:pulsesecure:steel_belted_radius:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4 Extended Lifecycle Support
openssl-0:0.9.7a-43.23.el4	cpe:/o:redhat:rhel_els:4	RHSA-2016:0306	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 5
openssl-0:0.9.8e-39.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:0302	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 5.6 Long Life
openssl-0:0.9.8e-12.el5_6.13	cpe:/o:redhat:rhel_mission_critical:5.6	RHSA-2016:0304	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 5.9 Long Life
openssl-0:0.9.8e-26.el5_9.5	cpe:/o:redhat:rhel_aus:5.9	RHSA-2016:0304	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 6
openssl-0:1.0.1e-42.el6_7.4	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0301	2016-03-01T00:00:00Z
openssl098e-0:0.9.8e-20.el6_7.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0372	2016-03-09T00:00:00Z
Red Hat Enterprise Linux 6.2 Advanced Update Support
openssl-0:1.0.0-20.el6_2.8	cpe:/o:redhat:rhel_mission_critical:6.2	RHSA-2016:0303	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
openssl-0:1.0.0-27.el6_4.5	cpe:/o:redhat:rhel_aus:6.4	RHSA-2016:0303	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
openssl-0:1.0.1e-16.el6_5.16	cpe:/o:redhat:rhel_aus:6.5	RHSA-2016:0303	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 6.6 Extended Update Support
openssl-0:1.0.1e-30.el6_6.12	cpe:/o:redhat:rhel_eus:6.6	RHSA-2016:0305	2016-03-01T00:00:00Z
Red Hat Enterprise Linux 7
openssl-1:1.0.1e-51.el7_2.4	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0301	2016-03-01T00:00:00Z
openssl098e-0:0.9.8e-29.el7_2.3	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0372	2016-03-09T00:00:00Z
Red Hat Enterprise Linux 7.1 Extended Update Support
openssl-1:1.0.1e-42.ael7b_1.10	cpe:/o:redhat:rhel_eus:7.1	RHSA-2016:0305	2016-03-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
openssl	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2016:0490	2016-03-22T00:00:00Z
Red Hat JBoss Operations Network 3.3
	cpe:/a:redhat:jboss_operations_network:3.3	RHSA-2016:1519	2016-07-27T00:00:00Z
Red Hat JBoss Web Server 2.1
	cpe:/a:redhat:jboss_enterprise_web_server:2.1	RHSA-2016:0445	2016-03-14T00:00:00Z
Red Hat JBoss Web Server 3.0
	cpe:/a:redhat:jboss_enterprise_web_server:3.0	RHSA-2016:0446	2016-03-14T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
rhev-hypervisor7-0:7.2-20160302.1.el6ev	cpe:/o:redhat:enterprise_linux:6::hypervisor	RHSA-2016:0379	2016-03-09T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-7
rhev-hypervisor7-0:7.2-20160302.1.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2016:0379	2016-03-09T00:00:00Z

References

Link	Providers
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://marc.info/?l=bugtraq&m=145983526810210&w=2
http://marc.info/?l=bugtraq&m=146108058503441&w=2
http://marc.info/?l=bugtraq&m=146133665209436&w=2
http://rhn.redhat.com/errata/RHSA-2016-1519.html
http://support.citrix.com/article/CTX208403
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/83733
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035133
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf
https://access.redhat.com/articles/2176731
https://access.redhat.com/security/vulnerabilities/drown
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf
https://drownattack.com
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://kc.mcafee.com/corporate/index?page=content&id=SB10154
https://nvd.nist.gov/vuln/detail/CVE-2016-0800
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
https://security.netapp.com/advisory/ntap-20160301-0001/
https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18
https://www.cve.org/CVERecord?id=CVE-2016-0800
https://www.drownattack.com/
https://www.kb.cert.org/vuls/id/583776
https://www.openssl.org/news/secadv/20160301.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-03-01T00:00:00

Updated: 2024-08-05T22:30:05.111Z

Reserved: 2015-12-16T00:00:00

Link: CVE-2016-0800

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-03-01T20:59:00.253

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-0800

Redhat

Severity : Important

Publid Date: 2016-03-01T00:00:00Z

Links: CVE-2016-0800 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2016-0800", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-05T22:30:05.111Z", "dateReserved": "2015-12-16T00:00:00", "datePublished": "2016-03-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10154"}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"url": "https://access.redhat.com/security/vulnerabilities/drown"}, {"name": "HPSBMU03573", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=146133665209436&w=2"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"}, {"name": "HPSBMU03575", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=146108058503441&w=2"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en"}, {"name": "openSUSE-SU-2016:0638", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"}, {"name": "FreeBSD-SA-16:12", "tags": ["vendor-advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "openSUSE-SU-2016:1239", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"}, {"name": "SUSE-SU-2016:0621", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"url": "https://security.netapp.com/advisory/ntap-20160301-0001/"}, {"name": "HPSBGN03569", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953"}, {"name": "SUSE-SU-2016:1057", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"}, {"name": "VU#583776", "tags": ["third-party-advisory"], "url": "https://www.kb.cert.org/vuls/id/583776"}, {"url": "https://drownattack.com"}, {"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"}, {"name": "openSUSE-SU-2016:1241", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"}, {"name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", "tags": ["vendor-advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"}, {"name": "openSUSE-SU-2016:0720", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"}, {"name": "SUSE-SU-2016:0624", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554"}, {"name": "83733", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/83733"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us"}, {"name": "RHSA-2016:1519", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"}, {"name": "SUSE-SU-2016:0631", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"}, {"url": "https://www.openssl.org/news/secadv/20160301.txt"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "SUSE-SU-2016:0617", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722"}, {"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf"}, {"name": "GLSA-201603-15", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201603-15"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"}, {"url": "http://support.citrix.com/article/CTX208403"}, {"name": "openSUSE-SU-2016:0628", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"}, {"name": "1035133", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1035133"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"}, {"name": "SUSE-SU-2016:0678", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"}, {"name": "SUSE-SU-2016:0620", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"}, {"name": "openSUSE-SU-2016:0637", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"name": "openSUSE-SU-2016:0627", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"}, {"name": "SUSE-SU-2016:0641", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2016-03-01T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:05.111Z"}, "title": "CVE Program Container", "references": [{"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10154", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/vulnerabilities/drown", "tags": ["x_transferred"]}, {"name": "HPSBMU03573", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=146133665209436&w=2"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", "tags": ["x_transferred"]}, {"name": "HPSBMU03575", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=146108058503441&w=2"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["x_transferred"]}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2016:0638", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"}, {"name": "FreeBSD-SA-16:12", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2016:1239", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"}, {"name": "SUSE-SU-2016:0621", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"url": "https://security.netapp.com/advisory/ntap-20160301-0001/", "tags": ["x_transferred"]}, {"name": "HPSBGN03569", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953", "tags": ["x_transferred"]}, {"name": "SUSE-SU-2016:1057", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", "tags": ["x_transferred"]}, {"name": "VU#583776", "tags": ["third-party-advisory", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/583776"}, {"url": "https://drownattack.com", "tags": ["x_transferred"]}, {"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2016:1241", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"}, {"name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", "tags": ["vendor-advisory", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2016:0720", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"}, {"name": "SUSE-SU-2016:0624", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554", "tags": ["x_transferred"]}, {"name": "83733", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/83733"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", "tags": ["x_transferred"]}, {"name": "RHSA-2016:1519", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"}, {"name": "SUSE-SU-2016:0631", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"}, {"url": "https://www.openssl.org/news/secadv/20160301.txt", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["x_transferred"]}, {"name": "91787", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "SUSE-SU-2016:0617", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722", "tags": ["x_transferred"]}, {"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf", "tags": ["x_transferred"]}, {"name": "GLSA-201603-15", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-15"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", "tags": ["x_transferred"]}, {"url": "http://support.citrix.com/article/CTX208403", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2016:0628", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"}, {"name": "1035133", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1035133"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", "tags": ["x_transferred"]}, {"name": "SUSE-SU-2016:0678", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"}, {"name": "SUSE-SU-2016:0620", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"}, {"name": "openSUSE-SU-2016:0637", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"name": "openSUSE-SU-2016:0627", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"}, {"name": "SUSE-SU-2016:0641", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", "tags": ["x_transferred"]}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf", "tags": ["x_transferred"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "B0648626-6AAC-4338-A258-7536866A3B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF972AB5-74AE-4ED0-81FA-706D6A8DE67A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack."}, {"lang": "es", "value": "El protocolo SSLv2, como se utiliza en OpenSSL en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g y otros productos requiere un servidor para enviar un mensaje ServerVerify antes de establecer que un cliente posee ciertos datos RSA en texto plano, lo que facilita a atacantes remotos descifrar datos de texto cifrados con TLS aprovech\u00e1ndose de un Bleichenbacher RSA padding oracle, tambi\u00e9n conocida como ataque \"DROWN\"."}], "id": "CVE-2016-0800", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-01T20:59:00.253", "references": [{"source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722"}, {"source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=146108058503441&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=146133665209436&w=2"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"}, {"source": "secalert@redhat.com", "url": "http://support.citrix.com/article/CTX208403"}, {"source": "secalert@redhat.com", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"}, {"source": "secalert@redhat.com", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/83733"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1035133"}, {"source": "secalert@redhat.com", "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/vulnerabilities/drown"}, {"source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"}, {"source": "secalert@redhat.com", "url": "https://drownattack.com"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"}, {"source": "secalert@redhat.com", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"}, {"source": "secalert@redhat.com", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03"}, {"source": "secalert@redhat.com", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"}, {"source": "secalert@redhat.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10154"}, {"source": "secalert@redhat.com", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-15"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20160301-0001/"}, {"source": "secalert@redhat.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"}, {"source": "secalert@redhat.com", "url": "https://www.kb.cert.org/vuls/id/583776"}, {"source": "secalert@redhat.com", "url": "https://www.openssl.org/news/secadv/20160301.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=146108058503441&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=146133665209436&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.citrix.com/article/CTX208403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/83733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/vulnerabilities/drown"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://drownattack.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20160301-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/583776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openssl.org/news/secadv/20160301.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.", "affected_release": [{"advisory": "RHSA-2016:0306", "cpe": "cpe:/o:redhat:rhel_els:4", "package": "openssl-0:0.9.7a-43.23.el4", "product_name": "Red Hat Enterprise Linux 4 Extended Lifecycle Support", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0302", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "openssl-0:0.9.8e-39.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0304", "cpe": "cpe:/o:redhat:rhel_mission_critical:5.6", "package": "openssl-0:0.9.8e-12.el5_6.13", "product_name": "Red Hat Enterprise Linux 5.6 Long Life", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0304", "cpe": "cpe:/o:redhat:rhel_aus:5.9", "package": "openssl-0:0.9.8e-26.el5_9.5", "product_name": "Red Hat Enterprise Linux 5.9 Long Life", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0301", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.1e-42.el6_7.4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0372", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl098e-0:0.9.8e-20.el6_7.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-09T00:00:00Z"}, {"advisory": "RHSA-2016:0303", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "openssl-0:1.0.0-20.el6_2.8", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0303", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "openssl-0:1.0.0-27.el6_4.5", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0303", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "openssl-0:1.0.1e-16.el6_5.16", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0305", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "openssl-0:1.0.1e-30.el6_6.12", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0301", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.1e-51.el7_2.4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0372", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl098e-0:0.9.8e-29.el7_2.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-03-09T00:00:00Z"}, {"advisory": "RHSA-2016:0305", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "openssl-1:1.0.1e-42.ael7b_1.10", "product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date": "2016-03-01T00:00:00Z"}, {"advisory": "RHSA-2016:0490", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "package": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2016-03-22T00:00:00Z"}, {"advisory": "RHSA-2016:1519", "cpe": "cpe:/a:redhat:jboss_operations_network:3.3", "product_name": "Red Hat JBoss Operations Network 3.3", "release_date": "2016-07-27T00:00:00Z"}, {"advisory": "RHSA-2016:0445", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2016-03-14T00:00:00Z"}, {"advisory": "RHSA-2016:0446", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0", "product_name": "Red Hat JBoss Web Server 3.0", "release_date": "2016-03-14T00:00:00Z"}, {"advisory": "RHSA-2016:0379", "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package": "rhev-hypervisor7-0:7.2-20160302.1.el6ev", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2016-03-09T00:00:00Z"}, {"advisory": "RHSA-2016:0379", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "rhev-hypervisor7-0:7.2-20160302.1.el7ev", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date": "2016-03-09T00:00:00Z"}], "bugzilla": {"description": "SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)", "id": "1310593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310593"}, "csaw": true, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.", "A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN."], "name": "CVE-2016-0800", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:rhel_eus:5.6", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.6"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.7", "fix_state": "Affected", "package_name": "guest-images", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.7"}, {"cpe": "cpe:/o:redhat:rhel_eus:7.2", "fix_state": "Affected", "package_name": "rhel-guest-image", "product_name": "Red Hat Enterprise Linux Extended Update Support 7.2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3.3", "fix_state": "Affected", "package_name": "CoreServer", "product_name": "Red Hat JBoss Operations Network 3.3"}], "public_date": "2016-03-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0800\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0800\nhttps://access.redhat.com/articles/2176731\nhttps://www.drownattack.com/\nhttps://www.openssl.org/news/secadv/20160301.txt"], "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object