CVE-2016-2107 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.2
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.2
redhat	enterprise_linux_server_eus	7.2
redhat	enterprise_linux_workstation	7.0
opensuse	leap	42.1
opensuse	opensuse	13.2
openssl	openssl	𝑥 ≤ 1.0.1s
openssl	openssl	1.0.2
openssl	openssl	1.0.2:beta1
openssl	openssl	1.0.2:beta2
openssl	openssl	1.0.2:beta3
openssl	openssl	1.0.2a:a
openssl	openssl	1.0.2b:b
openssl	openssl	1.0.2c:c
openssl	openssl	1.0.2d:d
openssl	openssl	1.0.2e:e
openssl	openssl	1.0.2f:f
openssl	openssl	1.0.2g:g
google	android	4.0
google	android	4.0.1
google	android	4.0.2
google	android	4.0.3
google	android	4.0.4
google	android	4.1
google	android	4.1.2
google	android	4.2
google	android	4.2.1
google	android	4.2.2
google	android	4.3
google	android	4.3.1
google	android	4.4
google	android	4.4.1
google	android	4.4.2
google	android	4.4.3
google	android	5.0
google	android	5.0.1
google	android	5.1
google	android	5.1.0
hp	helion_openstack	2.0.0
hp	helion_openstack	2.1.0
hp	helion_openstack	2.1.2
hp	helion_openstack	2.1.4
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_hpc_node	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
nodejs	node.js	0.10.0 ≤ 𝑥 < 0.10.45
nodejs	node.js	0.12.0 ≤ 𝑥 < 0.12.14
nodejs	node.js	4.0.0 ≤ 𝑥 ≤ 4.1.2
nodejs	node.js	4.2.0 ≤ 𝑥 < 4.4.4
nodejs	node.js	5.0.0 ≤ 𝑥 < 5.11.1
nodejs	node.js	6.0.0
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
canonical	ubuntu_linux	16.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

artful	Fixed 1.0.2g-1ubuntu5 released
bionic	Fixed 1.0.2g-1ubuntu5 released
cosmic	Fixed 1.0.2g-1ubuntu5 released
disco	Fixed 1.0.2g-1ubuntu5 released
precise	Fixed 1.0.1-4ubuntu5.36 released
trusty	Fixed 1.0.1f-1ubuntu2.19 released
wily	Fixed 1.0.2d-0ubuntu1.5 released
xenial	Fixed 1.0.2g-1ubuntu4.1 released
yakkety	Fixed 1.0.2g-1ubuntu5 released
zesty	Fixed 1.0.2g-1ubuntu5 released

openssl098

artful	dne
bionic	dne
cosmic	dne
disco	dne
precise	ignored
trusty	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

http://rhn.redhat.com/errata/RHSA-2016-0722.html

http://rhn.redhat.com/errata/RHSA-2016-0996.html

http://rhn.redhat.com/errata/RHSA-2016-2073.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://source.android.com/security/bulletin/2016-07-01.html

http://support.citrix.com/article/CTX212736

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html

http://www.debian.org/security/2016/dsa-3566

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/89760

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035721

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

http://www.ubuntu.com/usn/USN-2959-1

https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/

https://bto.bluecoat.com/security-advisory/sa123

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

https://kc.mcafee.com/corporate/index?page=content&id=SB10160

https://security.gentoo.org/glsa/201612-16

https://security.netapp.com/advisory/ntap-20160504-0001/

https://support.apple.com/HT206903

https://www.exploit-db.com/exploits/39768/

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc

https://www.openssl.org/news/secadv/20160503.txt

https://www.tenable.com/security/tns-2016-18

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

http://rhn.redhat.com/errata/RHSA-2016-0722.html

http://rhn.redhat.com/errata/RHSA-2016-0996.html

http://rhn.redhat.com/errata/RHSA-2016-2073.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://source.android.com/security/bulletin/2016-07-01.html

http://support.citrix.com/article/CTX212736

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html

http://www.debian.org/security/2016/dsa-3566

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/89760

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035721

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

http://www.ubuntu.com/usn/USN-2959-1

https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/

https://bto.bluecoat.com/security-advisory/sa123

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

https://kc.mcafee.com/corporate/index?page=content&id=SB10160

https://security.gentoo.org/glsa/201612-16

https://security.netapp.com/advisory/ntap-20160504-0001/

https://support.apple.com/HT206903

https://www.exploit-db.com/exploits/39768/

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc

https://www.openssl.org/news/secadv/20160503.txt

https://www.tenable.com/security/tns-2016-18