what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

CVE-2016-0800

Status Candidate

Overview

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Related Files

HPE Security Bulletin HPESBHF03741 1
Posted May 4, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03741 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information, or locally exploited resulting in unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | 273a8e07f2cfd72d286f3067512289a13cef04a30487bc2abfabe81687e89a5e
HPE Security Bulletin HPESBGN03698 1
Posted Feb 13, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03698 1 - Multiple security vulnerabilities in OpenSSL have been addressed in HPE DDMi. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2016-0800, CVE-2016-2017, CVE-2016-2018, CVE-2016-2107, CVE-2016-2108
SHA-256 | 72e0bf35dd974663c4f5f225e2511c6d4094f26138404130089e9ab9c6be4685
HP Security Bulletin HPSBNS03661 1
Posted Oct 14, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBNS03661 1 - A security vulnerability in OpenSSL was addressed by NonStop Backbox. The vulnerability could be exploited resulting in remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-0800
SHA-256 | e6b9efcb6842563922d9c550659a03379aa4f8ab06c9d690e53c5d735aace4b3
Red Hat Security Advisory 2016-1519-01
Posted Jul 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1519-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.6 release serves as a replacement for JBoss Operations Network 3.3.5, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5220, CVE-2016-0800, CVE-2016-3737
SHA-256 | 9e8eda7cc87b09b7d965a2368ef110c52ca58a71169b633cc43b9d107529ee95
HP Security Bulletin HPSBNS03625 1
Posted Jun 16, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBNS03625 1 - NonStop Application Server for Java (NSASJ) has addressed the cross-protocol Attack on TLS using SSLv2 also known as "DROWN". This vulnerability could be exploited remotely resulting in disclosure of information. Note: NSASJ configurations that have enabled SSL/TLS are vulnerable if SSLv2 is enabled or they share private keys with systems that have it enabled. Revision 1 of this advisory.

tags | advisory, java, protocol
advisories | CVE-2016-0800
SHA-256 | c3e94f79879e500eb0df374f911ece7d9787942c754b7671f21cb5eb956ce26f
HP Security Bulletin HPSBMU03607 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03607 1 - Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, protocol, csrf
advisories | CVE-2008-5161, CVE-2014-3566, CVE-2015-0705, CVE-2015-1789, CVE-2015-1791, CVE-2015-3194, CVE-2015-5600, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | 0fcaa98109f349b0cc14e9fe32a0f10dcbf38053afd926747b325159bfe4984a
HP Security Bulletin HPSBMU03601 1
Posted May 25, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03601 1 - HPE Insight Control server deployment has addressed the following security vulnerabilities: The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN" which could be exploited remotely resulting in disclosure of information Multiple OpenSSL vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) Multiple vulnerabilities that can be exploited locally resulting in Cross-site scripting (XSS), and Information Disclosure. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, protocol, xss, info disclosure
advisories | CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | 5d35db5021a3e1e977bf248f0f4d2e0973624f00926593096b12913d74b63dac
HP Security Bulletin HPSBHF03579 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03579 1 - HPE ConvergedSystem for SAP HANA has addressed security vulnerabilities in OpenSSL. The Cross-protocol Attack on TLS using SSLv2, also known as "DROWN", could be could be remotely exploited resulting in disclosure of privileged information, unauthorized access to data, and unauthorized access to sensitive information. Revision 1 of this advisory.

tags | advisory, vulnerability, protocol
advisories | CVE-2016-0800
SHA-256 | 839547502680a606065e72839f52dfc00f6e75d89e9b9b2ef70a67959bf073f8
HP Security Bulletin HPSBGN03587 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03587 1 - 3rd party code template: A security vulnerability in Open vSwitch could potentially impact HPE Helion OpenStack resulting in a remote denial of Service (DoS) or arbitrary command execution. HPE Helion OpenStack has also addressed several OpenSSL vulnerabilities including: The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Multiple OpenSSL vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) or other impacts. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol
advisories | CVE-2016-0703, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | d4fceaa0ba4a7864b939e73b9efc7e9a3c3d9f771140a67054d955accf574196
HP Security Bulletin HPSBMU03573 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03573 1 - A potential security vulnerability has been identified with HPE System Management Homepage (SMH) on Windows and Linux. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2016-0800
SHA-256 | 0f9a8afa3e02fde39f49085d5941c36ef63fb1b0db9a70d41a775c34c9b30791
HP Security Bulletin HPSBMU03575 1
Posted Apr 19, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03575 1 - HP Smart Update Manager (SUM) has addressed the following vulnerabilities: The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Multiple OpenSSL vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) or other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, protocol
advisories | CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | 951b9459376328c5cc2cb9fbe9d2e7233b6bd702b9e72e647dbe0a71bf95c52e
HP Security Bulletin HPSBGN03569 2
Posted Apr 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03569 2 - Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 2 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-3566, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | fef3d41637e48d083862ff126529ccde22bdff9c792cc65ee94e07dafe71a719
HP Security Bulletin HPSBGN03569 1
Posted Apr 6, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03569 1 - Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-3566, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | ba96f809d6edd6493b69b5512fafd074d2553430432ef066408a44fa3cf3e38b
Red Hat Security Advisory 2016-0490-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0490-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.

tags | advisory, java, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
SHA-256 | 5acd2c526da16235e590f280881bf7c08e3d07dd82e68161ed9d958c6754780e
Gentoo Linux Security Advisory 201603-15
Posted Mar 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-15 - Multiple vulnerabilities have been found in OpenSSL, the worst allowing remote attackers to decrypt TLS sessions. Versions less than 1.0.2g-r2 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
SHA-256 | 6f0722d9e284f07b269abf7998e9e52da12fdf8dcb8e32ab4f709a7b253f0481
Red Hat Security Advisory 2016-0446-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0446-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
SHA-256 | d333c4a0aeaf04680a2bdc87ee36d64906dbd2a4daad9efa0e70eb3578890175
Red Hat Security Advisory 2016-0445-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0445-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
SHA-256 | c097468913b971121d549c7ff8f04c7fe7ab81d56f0adfaf010974f48181aec2
Red Hat Security Advisory 2016-0379-01
Posted Mar 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0379-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
SHA-256 | 1cc214b641b5bda32f5dc10666b2a6b70654295af330c0b73323cea0e135646c
Red Hat Security Advisory 2016-0372-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0372-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | aa8f036d56f9b0e13c768cf2151510ad156a6f08cfe9d1ec6ed4a22fc748a223
Slackware Security Advisory - openssl Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
SHA-256 | 264c7d3a0be7e52080a43814d32ce36c6ea5a6fb431cee874379e6cfa549c6e4
Red Hat Security Advisory 2016-0306-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0306-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | 12d8bd2deb212825bc9f9f56e0fa1b109f58f9c894fcecb04e7ee03e38ed646e
Red Hat Security Advisory 2016-0305-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0305-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0800
SHA-256 | 0952f245c913f0d441f710c0e32f918dac6fc3b44edaff68a2b1b5357255344b
Red Hat Security Advisory 2016-0304-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | 947119e9fd5d8f11486ab1908732c47d26541cd1c088d1e31ab0fea8539714b4
Red Hat Security Advisory 2016-0303-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0303-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | 6c5b44e7561b441a8e824a9fa4d340b6a7a2b33511056e4ef067b57cd2fa096b
Red Hat Security Advisory 2016-0302-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0302-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0797, CVE-2016-0800
SHA-256 | 7f307653c8a35db568106e61a7b17d8070ee4b40d776118f84222053ea23e83c
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close