Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:3328
HistoryJan 25, 2017 - 2:53 a.m.

Cache-timing Attack

2017-01-2502:53:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

OpenSSL is vulnerable to a cache-timing attack. The attack exists due to a flaw in signing function of crypto/ecdsa/ecdsa_ossl.c which sets the BN_FLG_CONSTTIME flag for nonces instead of taking a secure code path in the BN_mod_inverse method.

References

Related

ubuntucve 1
openvas 15
redhatcve 1
osv 3
f5 1
debiancve 1
prion 1
nessus 19
cve 1
freebsd 1
threatpost 2
debian 2
suse 3
cloudfoundry 1
ubuntu 1
ibm 2
redhat 5
androidsecurity 1
apple 2
ubuntucve
ubuntucve
CVE-2016-7056
2016-12-31 00:00:00
openvas
openvas
Apple Mac OS X Information Disclosure Vulnerability (HT207615)
2017-05-19 00:00:00
OpenSSL: Information Disclosure Vulnerability (CVE-2016-7056) - Windows
2018-09-11 00:00:00
OpenSSL: Information Disclosure Vulnerability (CVE-2016-7056) - Linux
2018-09-11 00:00:00
redhatcve
redhatcve
CVE-2016-7056
2019-10-09 15:49:25
osv
osv
CVE-2016-7056
2018-09-10 16:29:00
openssl - security update
2017-02-01 00:00:00
openssl - security update
2017-01-27 00:00:00
f5
f5
K32743437 : OpenSSL vulnerability CVE-2016-7056
2017-01-31 00:00:00
debiancve
debiancve
CVE-2016-7056
2018-09-10 16:29:00
prion
prion
Code injection
2018-09-10 16:29:00
nessus
nessus
FreeBSD : openssl -- timing attack vulnerability (7caebe30-d7f1-11e6-a9a5-b499baebfeaf)
2017-01-12 00:00:00
openSUSE Security Update : libressl (openSUSE-2017-222)
2017-02-09 00:00:00
openSUSE Security Update : libressl (openSUSE-2017-561)
2017-05-09 00:00:00
cve
cve
CVE-2016-7056
2018-09-10 16:29:00
freebsd
freebsd
openssl -- timing attack vulnerability
2017-01-10 00:00:00
threatpost
threatpost
Ubuntu Update Includes OpenSSL Fixes
2017-02-01 14:50:11
OpenSSL Update Fixes High Severity DoS Vulnerability
2017-02-21 16:02:20
debian
debian
[SECURITY] [DLA 814-1] openssl security update
2017-02-01 23:12:31
[SECURITY] [DSA 3773-1] openssl security update
2017-01-27 19:48:57
suse
suse
Security update for openssl (important)
2018-01-16 18:08:42
Security update for openssl-steam (important)
2018-02-16 12:07:45
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
cloudfoundry
cloudfoundry
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2017-01-31 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server
2018-10-29 15:00:02
WebSphere Application Server and IBM HTTP Server Security Bulletin List
2022-07-13 18:04:48
redhat
redhat
(RHSA-2017:1413) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7
2017-06-07 17:33:35
(RHSA-2017:1415) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
2017-06-07 17:34:13
(RHSA-2017:1414) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
2017-06-07 17:33:56
androidsecurity
androidsecurity
Android Security Bulletin—May 2017
2017-05-01 00:00:00
apple
apple
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
2017-03-27 00:00:00
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support
2017-08-29 02:52:03

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for VERACODE:3328
ubuntucve1openvas15redhatcve1osv3f51debiancve1prion1nessus19cve1freebsd1threatpost2debian2suse3cloudfoundry1ubuntu1ibm2redhat5androidsecurity1apple2