Details of VAR-201605-0075

ID

VAR-201605-0075

CVE

CVE-2016-2105

TITLE

Red Hat Security Advisory 2016-1648-01

Trust: 0.1

sources: PACKETSTORM: 138471

DESCRIPTION

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. After installing the updated packages, the httpd daemon will be restarted automatically. (CVE-2016-5387) * It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2016-3110) * It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108) * Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195) * A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05320149 Version: 1 HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-10-26 Last Updated: 2016-10-26 Potential Security Impact: Remote: Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. References: - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information - CVE-2016-2106 - OpenSSL, Denial of Service (DoS) - CVE-2016-2109 - OpenSSL, Denial of Service (DoS) - CVE-2016-2105 - OpenSSL, Denial of Service (DoS) - CVE-2016-3739 - cURL and libcurl, Remote code execution - CVE-2016-5388 - "HTTPoxy", Apache Tomcat - CVE-2016-5387 - "HTTPoxy", Apache HTTP Server - CVE-2016-5385 - "HTTPoxy", PHP - CVE-2016-4543 - PHP, multiple impact - CVE-2016-4071 - PHP, multiple impact - CVE-2016-4072 - PHP, multiple impact - CVE-2016-4542 - PHP, multiple impact - CVE-2016-4541 - PHP, multiple impact - CVE-2016-4540 - PHP, multiple impact - CVE-2016-4539 - PHP, multiple impact - CVE-2016-4538 - PHP, multiple impact - CVE-2016-4537 - PHP, multiple impact - CVE-2016-4343 - PHP, multiple impact - CVE-2016-4342 - PHP, multiple impact - CVE-2016-4070 - PHP, Denial of Service (DoS) - CVE-2016-4393 - PSRT110263, XSS vulnerability - CVE-2016-4394 - PSRT110263, HSTS vulnerability - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow - PSRT110145 - PSRT110263 - PSRT110115 - PSRT110116 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE System Management Homepage - all versions prior to v7.6 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2105 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2106 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2107 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) CVE-2016-2109 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-3739 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) CVE-2016-4070 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-4071 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4072 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4342 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C) CVE-2016-4343 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-4393 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N) CVE-2016-4394 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) CVE-2016-4395 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) CVE-2016-4396 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) CVE-2016-4537 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4538 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4539 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4540 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4541 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4542 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4543 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5385 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5387 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5388 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 * Hewlett Packard Enterprise thanks Tenable Network Security for working with Trend Micro's Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and CVE-2016-4396 to security-alert@hpe.com RESOLUTION HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of System Management Homepage (SMH). Please download and install HPE System Management Homepage (SMH) v7.6.0 from the following locations: * <https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html> HISTORY Version:1 (rev.1) - 26 October 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 1.53

sources: NVD: CVE-2016-2105 // VULHUB: VHN-90924 // PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 138472 // PACKETSTORM: 136958 // PACKETSTORM: 139115 // PACKETSTORM: 139379

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.10.45	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.10.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.12.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1s	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	5.11.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.30	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.7.12	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.4.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0

sources: NVD: CVE-2016-2105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2105
value:	HIGH
Trust: 1.0
VULHUB:	VHN-90924
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-90924
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-90924 // NVD: CVE-2016-2105

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	CWE-189	Trust: 0.1

sources: VULHUB: VHN-90924 // NVD: CVE-2016-2105

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 136958

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90924

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2105	Trust: 1.7
db:	BID	id:	91787	Trust: 1.1
db:	BID	id:	89757	Trust: 1.1
db:	SECTRACK	id:	1035721	Trust: 1.1
db:	MCAFEE	id:	SB10160	Trust: 1.1
db:	PACKETSTORM	id:	136912	Trust: 1.1
db:	TENABLE	id:	TNS-2016-18	Trust: 1.1
db:	SIEMENS	id:	SSA-412672	Trust: 1.1
db:	JUNIPER	id:	JSA10759	Trust: 1.1
db:	PACKETSTORM	id:	138471	Trust: 0.2
db:	PACKETSTORM	id:	138472	Trust: 0.2
db:	PACKETSTORM	id:	139379	Trust: 0.2
db:	PACKETSTORM	id:	143513	Trust: 0.1
db:	PACKETSTORM	id:	136895	Trust: 0.1
db:	PACKETSTORM	id:	142803	Trust: 0.1
db:	PACKETSTORM	id:	136893	Trust: 0.1
db:	PACKETSTORM	id:	136919	Trust: 0.1
db:	PACKETSTORM	id:	140056	Trust: 0.1
db:	CNNVD	id:	CNNVD-201605-081	Trust: 0.1
db:	VULHUB	id:	VHN-90924	Trust: 0.1
db:	PACKETSTORM	id:	138473	Trust: 0.1
db:	PACKETSTORM	id:	136958	Trust: 0.1
db:	PACKETSTORM	id:	139115	Trust: 0.1

sources: VULHUB: VHN-90924 // PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 138472 // PACKETSTORM: 136958 // PACKETSTORM: 139115 // PACKETSTORM: 139379 // NVD: CVE-2016-2105

REFERENCES

url:	http://rhn.redhat.com/errata/rhsa-2016-0996.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-1648.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-1649.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-1650.html	Trust: 1.2
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/89757	Trust: 1.1
url:	http://www.securityfocus.com/bid/91787	Trust: 1.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.1
url:	https://bto.bluecoat.com/security-advisory/sa123	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20160504-0001/	Trust: 1.1
url:	https://source.android.com/security/bulletin/pixel/2017-11-01	Trust: 1.1
url:	https://support.apple.com/ht206903	Trust: 1.1
url:	https://www.openssl.org/news/secadv/20160503.txt	Trust: 1.1
url:	https://www.tenable.com/security/tns-2016-18	Trust: 1.1
url:	http://www.debian.org/security/2016/dsa-3566	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html	Trust: 1.1
url:	https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc	Trust: 1.1
url:	https://security.gentoo.org/glsa/201612-16	Trust: 1.1
url:	http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2016-0722.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2016-2056.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2016-2073.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2016-2957.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1035721	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-2959-1	Trust: 1.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 1.0
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 1.0
url:	https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 1.0
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2106	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2105	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2106	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2105	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5387	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-3110	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3110	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-5387	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html	Trust: 0.3
url:	https://access.redhat.com/security/vulnerabilities/httpoxy	Trust: 0.3
url:	https://access.redhat.com/site/documentation/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2109	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2107	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-2109	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2108	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-2108	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 0.1
url:	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 0.1
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0204	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0204	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3570	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-3570	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=distributions&version=2.1.1	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2107	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2842	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0799	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2842	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-2055.html	Trust: 0.1
url:	https://access.redhat.com/articles/2688611	Trust: 0.1
url:	https://access.redhat.com/solutions/222023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4000	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4000	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3183	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3195	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3183	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4393	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4396	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4395	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4542	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4538	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5385	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4070	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4072	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4071	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4343	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4541	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4394	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4342	Trust: 0.1

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 138472 // PACKETSTORM: 136958 // PACKETSTORM: 139115

SOURCES

db:	VULHUB	id:	VHN-90924
db:	PACKETSTORM	id:	138471
db:	PACKETSTORM	id:	138473
db:	PACKETSTORM	id:	138472
db:	PACKETSTORM	id:	136958
db:	PACKETSTORM	id:	139115
db:	PACKETSTORM	id:	139379
db:	NVD	id:	CVE-2016-2105

LAST UPDATE DATE

2025-10-20T01:13:20.474000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90924	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2016-2105	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90924	date:	2016-05-05T00:00:00
db:	PACKETSTORM	id:	138471	date:	2016-08-22T23:23:00
db:	PACKETSTORM	id:	138473	date:	2016-08-22T23:25:00
db:	PACKETSTORM	id:	138472	date:	2016-08-22T23:24:00
db:	PACKETSTORM	id:	136958	date:	2016-05-10T17:01:56
db:	PACKETSTORM	id:	139115	date:	2016-10-12T20:28:07
db:	PACKETSTORM	id:	139379	date:	2016-10-27T19:22:00
db:	NVD	id:	CVE-2016-2105	date:	2016-05-05T01:59:01.200