Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2016-0704

Published

7 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

CVSSv3.1 Score

Severity: Medium
Base Score: 5.9/10
Exploit Score: 2.2/10
Access Vector: Network
Access Complexity: High
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: High
Availability Impact: None
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:openssl:openssl:1.0.1j:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0n:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0i:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1h:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0m:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1c:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1g:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0h:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0j:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0p:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1a:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0o:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1d:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0k:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1k:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1b:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1e:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1l:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1f:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0l:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0q:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1i:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl::::::::	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2016-0704

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2016-0704

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References