Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2016-2107

Published

7 years ago

Last Modified

2 months ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Medium

Impact Analysis

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169..

CVSSv2.0 Score

Severity: Low
Base Score: 2.6/10
Exploit Score: 4.9/10
Access Vector: Network
Access Complexity: High
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

CVSSv3.1 Score

Severity: Medium
Base Score: 5.9/10
Exploit Score: 2.2/10
Access Vector: Network
Access Complexity: High
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: High
Availability Impact: None
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::*:	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:::::*	Yes	-	-
cpe:2.3:o:opensuse:leap:42.1:::::::*	Yes	-	-
cpe:2.3:o:opensuse:opensuse:13.2:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2a:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2e:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2b:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2g:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2c:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::	Yes	-	-
cpe:2.3:a:openssl:openssl::::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2f:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2d:::::::*	Yes	-	-
cpe:2.3:o:google:android:5.1.0:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.2:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.0.2:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.4.3:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.0.4:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.3:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.0.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.2.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:5.0.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:5.0:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.0.3:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.0:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.4:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.4.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.2.2:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.3.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.4.2:::::::*	Yes	-	-
cpe:2.3:o:google:android:5.1:::::::*	Yes	-	-
cpe:2.3:o:google:android:4.1.2:::::::*	Yes	-	-
cpe:2.3:a:hp:helion_openstack:2.1.2:::::::*	Yes	-	-
cpe:2.3:a:hp:helion_openstack:2.1.4:::::::*	Yes	-	-
cpe:2.3:a:hp:helion_openstack:2.1.0:::::::*	Yes	-	-
cpe:2.3:a:hp:helion_openstack:2.0.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::*:	Yes	-	-
cpe:2.3:a:nodejs:node.js:6.0.0:::::::*	Yes	-	-
cpe:2.3:a:nodejs:node.js:::::-:::*	Yes	4.0.0	-
cpe:2.3:a:nodejs:node.js::::::::	Yes	0.12.0	0.12.14
cpe:2.3:a:nodejs:node.js::::::::	Yes	0.10.0	0.10.45
cpe:2.3:a:nodejs:node.js:::::lts:::*	Yes	4.2.0	4.4.4
cpe:2.3:a:nodejs:node.js:::::-:::*	Yes	5.0.0	5.11.1
cpe:2.3:o:debian:debian_linux:8.0:::::::*	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2016-2107

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2016-2107

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References