CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.959 High
Percentile: 99.2%

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

Additionally, the EXPORT and LOW ciphers were disabled since they could be used as part of the DROWN (CVE-2016-0800) and SLOTH (CVE-2015-7575) attacks. Note, however, that the oldstable (wheezy) and stable (jessie) distributions are not affected by those attacks, since the SSLv2 protocol has already been dropped in the openssl package version 1.0.0c-2.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u20.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u4.

For the unstable distribution (sid), these problems will be fixed shortly.

We recommend that you upgrade your openssl packages.

CPE

Name | Operator | Version |
---|---|---|
openssl | eq | 1.0.1k-3 |
openssl | eq | 1.0.1k-3+alpha |
openssl | eq | 1.0.1k-3+deb8u1 |
openssl | eq | 1.0.1k-3+deb8u2 |
openssl | eq | 1.0.1k-3+deb8u3 |