Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SSL and TLS
Title:SSL/TLS: OpenSSL 'CVE-2016-2107' Padding Oracle Vulnerability
Summary:This host is installed with OpenSSL and is prone to padding oracle attack.
This host is installed with OpenSSL and is prone to padding oracle attack.

Vulnerability Insight:
The vulnerability is due to not considering memory allocation during a certain
padding check.

Vulnerability Impact:
Exploiting this vulnerability allows remote attackers to obtain sensitive cleartext
information via a padding oracle attack against an AES CBC session.

Affected Software/OS:
OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h.

OpenSSL 1.0.2 users should upgrade to 1.0.2h.

OpenSSL 1.0.1 users should upgrade to 1.0.1t.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-2107
BugTraq ID: 89760
BugTraq ID: 91787
Cisco Security Advisory: 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
Debian Security Information: DSA-3566 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-16:17
RedHat Security Advisories: RHSA-2016:0722
RedHat Security Advisories: RHSA-2016:0996
RedHat Security Advisories: RHSA-2016:2073
RedHat Security Advisories: RHSA-2016:2957
SuSE Security Announcement: SUSE-SU-2016:1206 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1228 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1233 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1237 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1238 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1240 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1243 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1566 (Google Search)
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.