Lucene search
Ubuntu.comUB:CVE-2016-2107HistoryMay 03, 2016 - 12:00 a.m.
CVE-2016-2107
2016-05-0300:00:00
ubuntu.com
ubuntu.com
21
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.969 High
EPSS
Percentile
99.7%
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h
does not consider memory allocation during a certain padding check, which
allows remote attackers to obtain sensitive cleartext information via a
padding-oracle attack against an AES CBC session. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2013-0169.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 17.10 | noarch | openssl | < 1.0.2g-1ubuntu5 | UNKNOWN |
| ubuntu | 18.04 | noarch | openssl | < 1.0.2g-1ubuntu5 | UNKNOWN |
| ubuntu | 18.10 | noarch | openssl | < 1.0.2g-1ubuntu5 | UNKNOWN |
| ubuntu | 19.04 | noarch | openssl | < 1.0.2g-1ubuntu5 | UNKNOWN |
| ubuntu | 12.04 | noarch | openssl | < 1.0.1-4ubuntu5.36 | UNKNOWN |
| ubuntu | 14.04 | noarch | openssl | < 1.0.1f-1ubuntu2.19 | UNKNOWN |
| ubuntu | 15.10 | noarch | openssl | < 1.0.2d-0ubuntu1.5 | UNKNOWN |
| ubuntu | 16.04 | noarch | openssl | < 1.0.2g-1ubuntu4.1 | UNKNOWN |
| ubuntu | 16.10 | noarch | openssl | < 1.0.2g-1ubuntu5 | UNKNOWN |
| ubuntu | 17.04 | noarch | openssl | < 1.0.2g-1ubuntu5 | UNKNOWN |
Related
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
f5
f5
SOL93600123 - OpenSSL vulnerability CVE-2016-2107
2016-05-06 00:00:00
K93600123 : OpenSSL vulnerability CVE-2016-2107
2016-05-07 00:00:00
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2107
2016-05-03 00:00:00
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
prion
prion
Design/Logic Flaw
2016-05-05 01:59:00
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2013-02-08 19:55:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)
2016-11-21 00:00:00
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
2014-07-14 00:00:00
alpinelinux
alpinelinux
CVE-2016-2107
2016-05-05 01:59:00
CVE-2018-0497
2018-07-28 17:29:00
veracode
veracode
Padding Oracle Attack
2017-01-27 03:10:31
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
cve
cve
debiancve
debiancve
ibm
ibm
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
EMC RSA BSAFE multiple security vulnerabilities
2013-07-15 00:00:00
openvas
openvas
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows
2021-08-17 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux
2021-08-17 00:00:00
Slackware: Security Advisory (SSA:2013-042-01)
2022-04-21 00:00:00
ubuntucve
ubuntucve
threatpost
threatpost
OpenSSL Patches Padding Oracle Attack Bug
2016-05-03 12:17:47
hackerone
hackerone
Internet Bug Bounty: Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-07 16:35:28
LocalTapiola: OpenSSL Padding Oracle Attack (CVE-2016-2107) on viestinta.lahitapiola.fi
2016-12-30 07:16:36
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
seebug
seebug
OpenSSL Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-04 00:00:00
redhatcve
redhatcve
CVE-2016-2107
2016-05-03 14:48:50
checkpoint_advisories
checkpoint_advisories
OpenSSL Padding Oracle Information Disclosure (CVE-2016-2107)
2016-05-09 00:00:00
zdt
zdt
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
2016-05-04 00:00:00
slackware
slackware
openssl
2013-02-11 23:49:59
archlinux
archlinux
openssl: multiple issues
2016-05-04 00:00:00
lib32-openssl: multiple issues
2016-05-04 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
Security update for Java (important)
2013-02-22 20:04:33
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
Critical: openssl
2014-04-07 17:26:00
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
[SECURITY] Fedora 18 Update: openssl-1.0.1e-3.fc18
2013-03-02 19:55:52
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
thn
thn
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
2016-05-04 23:31:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
redhat
redhat
(RHSA-2013:0274) Important: java-1.6.0-openjdk security update
2013-02-20 00:00:00
(RHSA-2013:0273) Critical: java-1.6.0-openjdk security update
2013-02-20 00:00:00
(RHSA-2013:0783) Moderate: openssl security update
2013-05-01 17:58:17
debian
debian
[SECURITY] [DSA 2621-1] openssl security update
2013-02-13 20:07:41
github
github
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
freebsd_advisory
freebsd_advisory
FreeBSD-SA-13:03.openssl
2013-04-02 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2013-03-15 03:20:11
AIX OpenSSH Vulnerability
2013-04-08 15:19:58
ubuntu
ubuntu
OpenSSL vulnerability
2013-03-25 00:00:00
OpenSSL regression
2013-02-28 00:00:00
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.969 High
EPSS
Percentile
99.7%
Related for UB:CVE-2016-2107