Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2016-2107

CVE information

Published

6 years ago

Last Modified

3 weeks ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Medium

Impact Analysis

Description

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169..

CVSSv2.0 Score

Severity
Low
Base Score
2.6/10
Exploit Score
4.9/10
Access Vector
Network
Access Complexity
High
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

CVSSv3.1 Score

Severity
Medium
Base Score
5.9/10
Exploit Score
2.2/10
Access Vector
Network
Access Complexity
High
Privileges Required
None
Impact Score
3.6/10
Confidentiality Impact
High
Availability Impact
None
Integrity Impact
None
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*
  Yes
- -
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:hp:helion_openstack:2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:hp:helion_openstack:2.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
4.0.0 -
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
  Yes
0.12.0 0.12.14
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
  Yes
0.10.0 0.10.45
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
  Yes
4.2.0 4.4.4
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
5.0.0 5.11.1
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  Yes
- -

References