Security Bulletin: Padding Oracle Protection in IBM DataPower Gateways GatewayScript modules (CVE-2015-7412)

Summary IBM DataPower Gateways has addressed a Padding Oracle Protection vulnerability in GatewayScript decryption. Vulnerability Details CVEID: CVE-2015-7412 DESCRIPTION: IBM DataPower Gateways GatewayScript modules may be vulnerable to Padding Oracle attacks in some scenarios, which could allow...

Buffer overflow

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

CVE-2016-0704

CVE-2016-0800 is a padding-oracle vulnerability (DROWN) in SSLv2/Bleichenbacher context that can allow decryption of TLS traffic when a server supports SSLv2 with export ciphers. Connected advisories confirm it as a cross‑protocol attack enabling decryption of RSA ciphertext and note that several...

CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

CVE-2016-0704

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...

OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8zf. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8zf advisory. - An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before...

OpenSSL 1.0.0 < 1.0.0r Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0r. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0r advisory. - An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8z...