CVE-2016-0800 · threatengine.sh

Home/CVE/The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

MEDIUM · CVSS 5.9 EPSS 0.90348

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 0% of all CVEs by exploitation likelihood

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-200Exposure of Sensitive Information to an Unauthorized Actor

▤

Affected Products & Versions

3

opensslall versions
pulsesecure clientall versions
pulsesecure steel belted radiusall versions

▣

Scoring & Timeline

5.9

MEDIUM · CVSS v3.0 · secalert@redhat.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD01 Mar 2016 · 08:59 PM

CVSS VectorCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

⚑

Vendor Advisories

28

suse-csafopenSUSE-SU-2024:10271-1
suse-csafopenSUSE-SU-2024:10529-1
suse-csafopenSUSE-SU-2024:11127-1
siemens-csafSSA-412672
suse-csafSUSE-SU-2016:1057-1
Show all 28 vendor advisoriessuse-csafSUSE-SU-2016:0786-1
suse-csafSUSE-SU-2016:0778-1
suse-csafSUSE-SU-2016:0748-1
suse-csafSUSE-SU-2016:0641-1
suse-csafSUSE-SU-2016:0631-1
rhsaRHSA-2016:0490Important
rhsaRHSA-2016:1519Important
rhsaRHSA-2016:0372Important
rhsaRHSA-2016:0304Important
rhsaRHSA-2016:0305Important
rhsaRHSA-2016:0306Important
rhsaRHSA-2016:0301Important
rhsaRHSA-2016:0302Important
rhsaRHSA-2016:0445Important
rhsaRHSA-2016:0379Important
rhsaRHSA-2016:0303Important
rhsaRHSA-2016:0446Important
suse-csafSUSE-SU-2016:0617-1
suse-csafSUSE-SU-2016:0620-1
suse-csafSUSE-SU-2016:0621-1
suse-csafSUSE-SU-2016:0624-1
cisa-csafcisa-csaf-csaf_files-OT-white-2016-icsa-16-103-03c
cisa-csafcisa-csaf-csaf_files-OT-white-2022-icsa-22-349-21

🔗

References & Sources

63

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html

Show all 63 references

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

http://marc.info/?l=bugtraq&m=145983526810210&w=2

http://marc.info/?l=bugtraq&m=146108058503441&w=2

http://marc.info/?l=bugtraq&m=146133665209436&w=2

http://rhn.redhat.com/errata/RHSA-2016-1519.html

http://support.citrix.com/article/CTX208403

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/83733

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035133

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf

https://access.redhat.com/security/vulnerabilities/drown

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf

https://drownattack.com

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168

https://kc.mcafee.com/corporate/index?page=content&id=SB10154

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc

https://security.gentoo.org/glsa/201603-15

https://security.netapp.com/advisory/ntap-20160301-0001/

https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18

https://www.kb.cert.org/vuls/id/583776

https://www.openssl.org/news/secadv/20160301.txt

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin