CVE-2016-0704

🗓️ 02 Mar 2016 00:00:00Reported by redhatType

An oracle protection mechanism in the get_client_master_key function in the SSLv2 implementation in OpenSSL overwrites incorrect MASTER-KEY bytes during use of export cipher suites, making it easier for remote attackers to decrypt TLS ciphertext data

Reporter	Title	Published	Views	Family All 164
IBM Security Bulletins	Security Bulletin: March 2016 OpenSSL Vulnerabilities affect Multiple N series Products	15 Dec 202118:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Express for Unix (CVE-2016-2842).	24 Jul 202022:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect Rational Software Architect and Rational Software Architect for WebSphere Software	10 Sep 202017:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified	18 Jun 201800:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, and CVE-2016-0704)	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix	9 Aug 201804:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus	23 Mar 202020:41	–	ibm

NVD

Node

openssl opensslRange≤0.9.8ze

openssl opensslMatch1.0.0

openssl opensslMatch1.0.0beta1

openssl opensslMatch1.0.0beta2

openssl opensslMatch1.0.0beta3

openssl opensslMatch1.0.0beta4

openssl opensslMatch1.0.0beta5

openssl opensslMatch1.0.0a

openssl opensslMatch1.0.0b

openssl opensslMatch1.0.0c

openssl opensslMatch1.0.0d

openssl opensslMatch1.0.0e

openssl opensslMatch1.0.0f

openssl opensslMatch1.0.0g

openssl opensslMatch1.0.0h

openssl opensslMatch1.0.0i

openssl opensslMatch1.0.0j

openssl opensslMatch1.0.0k

openssl opensslMatch1.0.0l

openssl opensslMatch1.0.0m

openssl opensslMatch1.0.0n

openssl opensslMatch1.0.0o

openssl opensslMatch1.0.0p

openssl opensslMatch1.0.0q

openssl opensslMatch1.0.1

openssl opensslMatch1.0.1beta1

openssl opensslMatch1.0.1beta2

openssl opensslMatch1.0.1beta3

openssl opensslMatch1.0.1a

openssl opensslMatch1.0.1b

openssl opensslMatch1.0.1c

openssl opensslMatch1.0.1d

openssl opensslMatch1.0.1e

openssl opensslMatch1.0.1f

openssl opensslMatch1.0.1g

openssl opensslMatch1.0.1h

openssl opensslMatch1.0.1i

openssl opensslMatch1.0.1j

openssl opensslMatch1.0.1k

openssl opensslMatch1.0.1l

openssl opensslMatch1.0.2

openssl opensslMatch1.0.2beta1

openssl opensslMatch1.0.2beta2

openssl opensslMatch1.0.2beta3

Source	Link
lists	www.lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
security	www.security.freebsd.org/advisories/FreeBSD-SA-16:12.openssl.asc
security	www.security.gentoo.org/glsa/201603-15
securityfocus	www.securityfocus.com/bid/83764
lists	www.lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
kb	www.kb.juniper.net/InfoCenter/index
lists	www.lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
openssl	www.openssl.org/news/secadv/20160301.txt
oracle	www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

06 May 2026 22:30Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.3

CVSS 35.9

EPSS0.05992

CWE-200