Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2016-2107

Published: 05/05/2016 Updated: 16/02/2024
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 271
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Redhat

Vulnerability Summary

The AES-NI implementation in OpenSSL prior to 1.0.1t and 1.0.2 prior to 1.0.2h does not consider memory allocation during a certain padding check, which allows remote malicious users to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux server eus 7.2

redhat enterprise linux hpc node eus 7.2

opensuse leap 42.1

opensuse opensuse 13.2

openssl openssl 1.0.2a

openssl openssl 1.0.2e

openssl openssl 1.0.2b

openssl openssl 1.0.2g

openssl openssl 1.0.2c

openssl openssl 1.0.2

openssl openssl

openssl openssl 1.0.2f

openssl openssl 1.0.2d

google android 5.1.0

google android 4.2

google android 4.1

google android 4.0.2

google android 4.4.3

google android 4.0.4

google android 4.3

google android 4.0.1

google android 4.2.1

google android 5.0.1

google android 5.0

google android 4.0.3

google android 4.0

google android 4.4

google android 4.4.1

google android 4.2.2

google android 4.3.1

google android 4.4.2

google android 5.1

google android 4.1.2

hp helion openstack 2.1.2

hp helion openstack 2.1.4

hp helion openstack 2.1.0

hp helion openstack 2.0.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

nodejs node.js 6.0.0

nodejs node.js

debian debian linux 8.0

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

Vendor Advisories

Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Topic An update for openssl is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release
Synopsis Important: Red Hat JBoss Core Services Apache HTTP 2423 Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systemsRed Hat Product Security has rated this release as ...
Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Debian Security Advisories: DSA-3566-1 openssl -- security update
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data This could lead to a heap corruption CVE-2016-2106 Guido Vranken discov ...
Amazon Linux AMI: ALAS-2016-695
A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI (CVE-2016-2107, Important) It was discovered that the ASN1 parser can misinterpret a large universal tag as a negative value If an application deserializ ...
Red Hat: CVE-2016-2107
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle ...
Tenable Security Advisories: [R5] OpenSSL '20160503' Advisory Affects Tenable Products
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time The issues include: CVE-2016-2107 - OpenSSL AES-N ...
Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities
The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...
Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities
Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality Two of these libraries were found to contain vulnerabilities and were fixed upstream Those fixes have been integrated despite there being no known exploitation scenarios related to PVS OpenSSL ASN1 Encoder Negative Zero Value ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM (depending on configuration) or an attacker on the management network to compromise the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and includin ...
Citrix Security Bulletins: Citrix XenServer 7.2 Multiple Security Updates
Description of Problem A number of security issues have been identified within Citrix XenServer 72 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic Collectively, this has been rated as a medium severity vulnerability; the following issues have been remediated: C ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Exploits

Exploit DB: OpenSSL - Padding Oracle in AES-NI CBC MAC Check
Source: web-in-securityblogspotca/2016/05/curious-padding-oracle-in-openssl-cvehtml TLS-Attacker: githubcom/RUB-NDS/TLS-Attacker githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39768zip You can use TLS-Attacker to build a proof of concept and test your implementation You just start TLS-Atta ...
Exploit DB: Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

Github Repositories

https://github.com/ZiDuNet/Note

安全,渗透

Note 漏洞及渗透练习平台: WebGoat漏洞练习平台: githubcom/WebGoat/WebGoat webgoat-legacy漏洞练习平台: githubcom/WebGoat/WebGoat-Legacy zvuldirll漏洞练习平台: githubcom/710leo/ZVulDrill vulapps漏洞练习平台: githubcom/Medicean/VulApps dvwa漏洞练习平台: githubcom/RandomStorm/DVWA 数据库

https://github.com/hantiger/-

漏洞及渗透练习平台 数据库注入练习平台 花式扫描器 信息搜集工具 WEB工具 windows域渗透工具 漏洞利用及攻击框架 漏洞POC&EXP 中间人攻击及钓鱼 密码破解 二进制及代码分析工具 EXP编写框架及工具 隐写相关工具 各类安全资料 各类CTF资源 各类编程资源 Python 漏洞及渗透练习平台 WebG

https://github.com/hackstoic/hacker-tools-projects

title 黑客工具大搜罗 各种好玩的安全攻防工具。 安全工具(go语言) 序号 名称 项目地址 简介 1 gomitmproxy githubcom/sheepbao/gomitmproxy GomitmProxy是想用golang语言实现的mitmproxy,主要实现http代理,目前实现了http代理和https抓包功能。 2 Hyperfox githubcom/xiam/hyperfox

https://github.com/FiloSottile/CVE-2016-2107

Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)

CVE-2016-2107 Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107) Installation $ go version go version go162 darwin/amd64 $ go get githubcom/FiloSottile/CVE-2016-2107 This tool only builds with Go 16+, and only when downloaded to the right position in the $GOPATH Usage $ CVE-2016-2107 filippoio 2016/05/03 17:50:49 Vu

https://github.com/RUB-NDS/WS-TLS-Scanner

The TLS-Scanner for the SIWECOS Project

WS-TLS-Scanner WS-TLS-Scanner is a Webservice created by the Chair for Network and Data Security from the Ruhr-University Bochum for the integration of the TLS-Scanner in the SIWECOS Project The Webservice scans a provided URL for various TLS misconfigurations and responds with a JSON report Compiling In order to compile and use WS-TLS-Scanner, you need to have Java installed

https://github.com/compilenix/tls-tester

Donate if you want wwwpaypalme/compilenix How it looks Slack CLI All config settings (or defaults via Configexamplejs) are overwritten by cli parameters! node indexjs --enableSlack false --domains wwwmicrosoftcom,expiredbadsslcom --ignore Expire,PubKeySize Usage install nvm (githubcom/creationix/nvm) install c/

https://github.com/Vxer-Lee/Hack_Tools

黑客工具库

漏洞及渗透练习平台: WebGoat漏洞练习平台: githubcom/WebGoat/WebGoat webgoat-legacy漏洞练习平台: githubcom/WebGoat/WebGoat-Legacy zvuldirll漏洞练习平台: githubcom/710leo/ZVulDrill vulapps漏洞练习平台: githubcom/Medicean/VulApps dvwa漏洞练习平台: githubcom/RandomStorm/DVWA 数据库注入

https://github.com/krabelize/openbsd-httpd-tls-config

OpenBSD httpd configuration for perfect TLS SSL Labs score A+

OpenBSD httpd TLS Let's Encrypt configuration for perfect A+ SSLLabs score OpenBSD httpd configuration for perfect TLS SSL Labs score A+ with Let's Encrypt (acme-client) Use this httpd config file Tested on OpenBSD 68 Server Key and Certificate #1 Setting Variable Subject cryptsuscom Fingerprint SHA256 a4b481ad06b99a4a32919f2d5c8f48291bdc4d15878261963aa

https://github.com/scuechjr/Sec-Box

简介 Copy From tengzhangchao 's githubcom/tengzhangchao/Sec-Boxgit 20190810 src:安全行业小工具以及学习资源收集项目,此项目部分内容来自:wwwt00lsnet/thread-38964-1-1html 感谢其分享,这里只是作为个人备份,如有问题可邮件通知。 安全资源 安全资源包括安全书籍,资料,安全教程

https://github.com/1o24er/Python-

Python工具库(感谢backlion整理) 漏洞及渗透练习平台: WebGoat漏洞练习平台: githubcom/WebGoat/WebGoat webgoat-legacy漏洞练习平台: githubcom/WebGoat/WebGoat-Legacy zvuldirll漏洞练习平台: githubcom/710leo/ZVulDrill vulapps漏洞练习平台: githubcom/Medicean/VulApps dvwa漏洞练习平台: g

https://github.com/tmiklas/docker-cve-2016-2107

Docker container implementing tests for CVE-2016-2107 - LuckyNegative20

docker-cve-2016-2107 Docker container implementing tests for CVE-2016-2107 - LuckyNegative20 About Dockerized test for CVE-2016-2107 Code written by Filippo Valsorda: GitHub zero to decryption blog explaining the vulenrabiltiy online CVE-2016-2107 test Update Current version is using static linking to get tiny output file and no dependencies, this way I could use scratch as

https://github.com/psc4re/SSLtest

SSL check through SSL Labs API

SSLtest Text output generated Following is reported: SSL Cert Grade Logjam Heartbleed Beast RC4 Support Poodle PoodleTLS Luckyminus20 CVE-2016-2107 Usage: python ssltestpy wwwdomaincom

https://github.com/cream492/pentest-tools

渗透测试必备工具

-渗透测试必备工具 网上看到渗透测试工具总结不错的文章,转发过来供大家一起学习,链接为:wwwjianshucom/p/9936da5effed 以及wwwsec-redclubcom/indexphp/archives/484/ 如有问题,请联系我! WebGoat漏洞练习环境 githubcom/WebGoat/WebGoat githubcom/WebGoat/WebGoat-Legacy Damn Vulnerable Web Ap

https://github.com/githuberxu/Project

简介 安全行业小工具以及学习资源收集项目,此项目部分内容来自:wwwt00lsnet/thread-38964-1-1html 感谢其分享,这里只是作为个人备份,如有问题可邮件通知。 安全资源 安全资源包括安全书籍,资料,安全教程,学习平台等等。 设备基线加固资料 githubcom/re4lity/Benchmarks

https://github.com/yige666/web-

简介 安全行业小工具以及学习资源收集项目,此项目部分内容来自:wwwt00lsnet/thread-38964-1-1html 感谢其分享,这里只是作为个人备份,如有问题可邮件通知。 安全资源 安全资源包括安全书籍,资料,安全教程,学习平台等等。 设备基线加固资料 githubcom/re4lity/Benchmarks

https://github.com/birdhan/Security_Tools

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

项目介绍(攻击视角) 搜集大量网络安全行业开源项目,旨在提供安全测试工具,提升渗透测试效率。 项目收集的思路: 一个是以攻击/漏洞视角出发的开源项目,经网络安全爱好者实践总结出的经验。 一个是从渗透测试流程出发,沿着信息收集到内网渗透的思路,总结出漏洞扫描、漏

https://github.com/jay900323/SecurityTools

网络安全工具汇总

SecurityTools 网络安全工具汇总 漏洞及渗透练习平台 WebGoat漏洞练习环境 githubcom/WebGoat/WebGoat githubcom/WebGoat/WebGoat-Legacy Damn Vulnerable WebApplication(漏洞练习平台) githubcom/RandomStorm/DVWA 数据库注入练习平台 githubcom/Audi-1/sqli-labs 用node编写的漏洞练习平台,like OWASP Node Go

https://github.com/krabelize/openbsd-httpd-tls-config-ssllabs

OpenBSD httpd configuration for perfect TLS SSL Labs score A+

OpenBSD httpd TLS Let's Encrypt configuration for perfect A+ SSLLabs score OpenBSD httpd configuration for perfect TLS SSL Labs score A+ with Let's Encrypt (acme-client) Use this httpd config file Tested on OpenBSD 68 Server Key and Certificate #1 Setting Variable Subject cryptsuscom Fingerprint SHA256 a4b481ad06b99a4a32919f2d5c8f48291bdc4d15878261963aa

https://github.com/krabelize/openbsd-httpd-tls-perfect-ssllabs-score

OpenBSD httpd configuration for perfect TLS SSL Labs score A+

OpenBSD httpd TLS Let's Encrypt configuration for perfect A+ SSLLabs score OpenBSD httpd configuration for perfect TLS SSL Labs score A+ with Let's Encrypt (acme-client) Use this httpd config file Tested on OpenBSD 68 Server Key and Certificate #1 Setting Variable Subject cryptsuscom Fingerprint SHA256 a4b481ad06b99a4a32919f2d5c8f48291bdc4d15878261963aa

https://github.com/hannob/tls-what-can-go-wrong

TLS - what can go wrong?

TLS - what can go wrong? Key generation Debian weak keys ROCA Shared prime factors (mining ps and qs) Shared non-private keys (eg using default keys shipped with applications) RSA encryption handshake Bleichenbacher, Klima, ROBOT etc attacks SSLv2 Bleichenbacher attack (DROWN) RSA signature handshake RSA-CRT bug / modexp miscalculation (signature generation) Bleichenbac

https://github.com/birdhan/SecurityTools

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

项目介绍(攻击视角) 搜集大量网络安全行业开源项目,旨在提供安全测试工具,提升渗透测试效率。 项目收集的思路: 一个是以攻击/漏洞视角出发的开源项目,经网络安全爱好者实践总结出的经验。 一个是从渗透测试流程出发,沿着信息收集到内网渗透的思路,总结出漏洞扫描、漏

Recent Articles

Yay! It's International Patch Your Scary OpenSSL Bugs Day!
The Register • Iain Thomson in San Francisco • 03 May 2016

Two innocent programming blunders breed high-risk flaw

Six security patches – two of them high severity – have been released today for OpenSSL 1.0.1 and 1.0.2. Last week, the open-source crypto-library project warned that a bunch of fixes were incoming, and true enough, Tuesday’s updates address serious flaws that should be installed as soon as possible. CVE-2016-2108 is a curious beast; a hybrid of two low-risk bugs that can be fused into a serious problem. The first is a seemingly innocuous issue with the ASN.1 parser whereby if a zero is re...

Read more...

References

CWE-310CWE-200https://www.openssl.org/news/secadv/20160503.txthttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862https://kc.mcafee.com/corporate/index?page=content&id=SB10160http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlhttp://source.android.com/security/bulletin/2016-07-01.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0722.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0996.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlhttps://support.apple.com/HT206903http://www.securityfocus.com/bid/91787https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149http://www.securityfocus.com/bid/89760http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.htmlhttp://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.htmlhttps://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.aschttps://www.exploit-db.com/exploits/39768/http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.htmlhttp://www.ubuntu.com/usn/USN-2959-1http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.htmlhttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.htmlhttp://www.securitytracker.com/id/1035721http://www.debian.org/security/2016/dsa-3566http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.htmlhttps://bto.bluecoat.com/security-advisory/sa123http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.htmlhttp://support.citrix.com/article/CTX212736https://security.gentoo.org/glsa/201612-16http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://www.tenable.com/security/tns-2016-18https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_ushttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://security.netapp.com/advisory/ntap-20160504-0001/http://rhn.redhat.com/errata/RHSA-2016-2957.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2073.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292https://access.redhat.com/errata/RHSA-2016:2073https://usn.ubuntu.com/2959-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/39768/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook