Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2016-2107
HistoryMay 05, 2016 - 1:59 a.m.

CVE-2016-2107

2016-05-0501:59:00
Alpine Linux Development Team
security.alpinelinux.org
19

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.7%

JSON

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Related

osv 4
veracode 3
ubuntucve 10
cve 9
debiancve 5
prion 9
nessus 35
f5 10
openssl 2
ibm 45
securityvulns 5
threatpost 1
hackerone 4
slackware 1
checkpoint_advisories 1
zdt 1
redhatcve 1
seebug 1
openvas 27
archlinux 2
suse 3
altlinux 5
freebsd 1
centos 2
redhat 2
fedora 2
oraclelinux 2
amazon 2
citrix 1
thn 1
kitploit 1
symantec 1
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
veracode
veracode
Padding Oracle Attack
2017-01-27 03:10:31
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
ubuntucve
ubuntucve
CVE-2016-2107
2016-05-03 00:00:00
CVE-2013-0169
2013-02-08 00:00:00
CVE-2013-1624
2013-02-08 00:00:00
cve
cve
CVE-2016-2107
2016-05-05 01:59:00
CVE-2013-0169
2013-02-08 19:55:00
CVE-2013-1623
2013-02-08 19:55:00
debiancve
debiancve
CVE-2016-2107
2016-05-05 01:59:00
CVE-2013-0169
2013-02-08 19:55:00
CVE-2013-1624
2013-02-08 19:55:00
prion
prion
Design/Logic Flaw
2016-05-05 01:59:00
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2013-02-08 19:55:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)
2016-11-21 00:00:00
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
2014-07-14 00:00:00
f5
f5
SOL93600123 - OpenSSL vulnerability CVE-2016-2107
2016-05-06 00:00:00
K93600123 : OpenSSL vulnerability CVE-2016-2107
2016-05-07 00:00:00
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2107
2016-05-03 00:00:00
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
ibm
ibm
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
2022-09-25 21:06:56
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)
2018-06-17 04:47:31
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery &#40;aka “Lucky Thirteen”&#41; Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery &#40;aka “Lucky Thirteen”&#41; Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
threatpost
threatpost
OpenSSL Patches Padding Oracle Attack Bug
2016-05-03 12:17:47
hackerone
hackerone
Internet Bug Bounty: Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-07 16:35:28
LocalTapiola: OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi
2016-12-30 07:16:36
FormAssembly: formassembly.com is vulnerable to padding-oracle attacks.
2017-01-10 13:38:12
slackware
slackware
openssl
2013-02-11 23:49:59
checkpoint_advisories
checkpoint_advisories
OpenSSL Padding Oracle Information Disclosure (CVE-2016-2107)
2016-05-09 00:00:00
zdt
zdt
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
2016-05-04 00:00:00
redhatcve
redhatcve
CVE-2016-2107
2016-05-03 14:48:50
seebug
seebug
OpenSSL Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-04 00:00:00
openvas
openvas
SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability
2017-03-30 00:00:00
CentOS Update for java CESA-2013:0273 centos6
2013-02-22 00:00:00
Fedora Update for openssl FEDORA-2013-2834
2013-03-05 00:00:00
archlinux
archlinux
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
Security update for Java (important)
2013-02-22 20:04:33
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
redhat
redhat
(RHSA-2013:0783) Moderate: openssl security update
2013-05-01 17:58:17
(RHSA-2013:0274) Important: java-1.6.0-openjdk security update
2013-02-20 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
[SECURITY] Fedora 18 Update: openssl-1.0.1e-3.fc18
2013-03-02 19:55:52
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
amazon
amazon
Critical: openssl
2014-04-07 17:26:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
thn
thn
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
2016-05-04 23:31:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.7%

JSON
Related for ALPINE:CVE-2016-2107
osv4veracode3ubuntucve10cve9debiancve5prion9nessus35f510openssl2ibm45securityvulns5threatpost1hackerone4slackware1checkpoint_advisories1zdt1redhatcve1seebug1openvas27archlinux2suse3altlinux5freebsd1centos2redhat2fedora2oraclelinux2amazon2citrix1thn1kitploit1symantec1