Lucene search
OpenSSLOPENSSL:CVE-2016-2107HistoryMay 03, 2016 - 12:00 a.m.
Vulnerability in OpenSSL CVE-2016-2107
2016-05-0300:00:00
www.openssl.org
279
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.6
Confidence
Low
EPSS
0.968
Percentile
99.7%
A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.
Related
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)
2016-11-21 00:00:00
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
2014-07-14 00:00:00
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
prion
prion
Design/Logic Flaw
2016-05-05 01:59:00
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2013-02-08 19:55:00
nvd
nvd
cvelist
cvelist
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
f5
f5
SOL93600123 - OpenSSL vulnerability CVE-2016-2107
2016-05-06 00:00:00
K93600123 : OpenSSL vulnerability CVE-2016-2107
2016-05-07 00:00:00
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
debiancve
debiancve
veracode
veracode
Padding Oracle Attack
2017-01-27 03:10:31
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
cve
cve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
CVE-2016-2107
2016-05-05 01:59:03
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
ibm
ibm
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
2022-09-25 21:06:56
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)
2018-06-17 04:47:31
openvas
openvas
Slackware: Security Advisory (SSA:2013-042-01)
2022-04-21 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux
2021-08-17 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows
2021-08-17 00:00:00
redhatcve
redhatcve
CVE-2016-2107
2016-05-03 14:48:50
seebug
seebug
OpenSSL Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-04 00:00:00
hackerone
hackerone
zdt
zdt
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
2016-05-04 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Padding Oracle Information Disclosure (CVE-2016-2107)
2016-05-09 00:00:00
threatpost
threatpost
OpenSSL Patches Padding Oracle Attack Bug
2016-05-03 12:17:47
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that (mostly) aren’t: LUCKY13
2024-05-03 05:12:27
archlinux
archlinux
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
Security update for Java (important)
2013-02-22 20:04:33
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
amazon
amazon
Critical: openssl
2014-04-07 17:26:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
thn
thn
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
2016-05-04 23:31:00
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.6
Confidence
Low
EPSS
0.968
Percentile
99.7%
Related for OPENSSL:CVE-2016-2107