ID

VAR-201605-0075


CVE

CVE-2016-2105


TITLE

OpenSSL of crypto/evp/encode.c of EVP_EncodeUpdate Integer overflow vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2016-002472

DESCRIPTION

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. After installing the updated packages, the httpd daemon will be restarted automatically. (CVE-2016-5387) * It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2016-3110) * It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. The References section of this erratum contains a download link (you must log in to download the update). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2j >= 1.0.2j Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j" References ========== [ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108) * Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195) * A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. This could lead to a heap corruption. This could lead to a heap corruption. CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. CVE-2016-2176 Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u5. For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1. We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05320149 Version: 1 HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-10-26 Last Updated: 2016-10-26 Potential Security Impact: Remote: Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. References: - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information - CVE-2016-2106 - OpenSSL, Denial of Service (DoS) - CVE-2016-2109 - OpenSSL, Denial of Service (DoS) - CVE-2016-2105 - OpenSSL, Denial of Service (DoS) - CVE-2016-3739 - cURL and libcurl, Remote code execution - CVE-2016-5388 - "HTTPoxy", Apache Tomcat - CVE-2016-5387 - "HTTPoxy", Apache HTTP Server - CVE-2016-5385 - "HTTPoxy", PHP - CVE-2016-4543 - PHP, multiple impact - CVE-2016-4071 - PHP, multiple impact - CVE-2016-4072 - PHP, multiple impact - CVE-2016-4542 - PHP, multiple impact - CVE-2016-4541 - PHP, multiple impact - CVE-2016-4540 - PHP, multiple impact - CVE-2016-4539 - PHP, multiple impact - CVE-2016-4538 - PHP, multiple impact - CVE-2016-4537 - PHP, multiple impact - CVE-2016-4343 - PHP, multiple impact - CVE-2016-4342 - PHP, multiple impact - CVE-2016-4070 - PHP, Denial of Service (DoS) - CVE-2016-4393 - PSRT110263, XSS vulnerability - CVE-2016-4394 - PSRT110263, HSTS vulnerability - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow - PSRT110145 - PSRT110263 - PSRT110115 - PSRT110116 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE System Management Homepage - all versions prior to v7.6 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2105 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2106 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2107 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) CVE-2016-2109 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-3739 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) CVE-2016-4070 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-4071 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4072 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4342 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C) CVE-2016-4343 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-4393 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N) CVE-2016-4394 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) CVE-2016-4395 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) CVE-2016-4396 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) CVE-2016-4537 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4538 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4539 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4540 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4541 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4542 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4543 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5385 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5387 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5388 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 * Hewlett Packard Enterprise thanks Tenable Network Security for working with Trend Micro's Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and CVE-2016-4396 to security-alert@hpe.com RESOLUTION HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of System Management Homepage (SMH). Please download and install HPE System Management Homepage (SMH) v7.6.0 from the following locations: * <https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html> HISTORY Version:1 (rev.1) - 26 October 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. References: - CVE-2016-2105 - openssl - CVE-2016-2106 - openssl - CVE-2016-2107 - openssl - CVE-2016-2108 - openssl - CVE-2016-2109 - openssl - CVE-2016-2176 - openssl SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed

Trust: 2.52

sources: NVD: CVE-2016-2105 // JVNDB: JVNDB-2016-002472 // VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 139115 // PACKETSTORM: 136893 // PACKETSTORM: 139379 // PACKETSTORM: 143513

AFFECTED PRODUCTS

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1m

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:5.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1o

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1p

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:0.12.14

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2a

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2f

Trust: 1.0

vendor:redhatmodel:enterprise linux hpc node eusscope:eqversion:7.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1g

Trust: 1.0

vendor:oraclemodel:mysqlscope:gteversion:5.7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1r

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1l

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:4.1.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:eqversion:6.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1s

Trust: 1.0

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1a

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1d

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:0.12.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1n

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2d

Trust: 1.0

vendor:oraclemodel:mysqlscope:lteversion:5.7.12

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1q

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:0.10.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.2.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:5.11.1

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1j

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:4.4.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2c

Trust: 1.0

vendor:oraclemodel:mysqlscope:lteversion:5.6.30

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:42.1

Trust: 1.0

vendor:oraclemodel:mysqlscope:gteversion:5.6.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:0.10.45

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1b

Trust: 1.0

vendor:necmodel:esmpro/serveragentservicescope:eqversion:all versions (linux)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:(v. 7)

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:foundation v8.2 to v8.5

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:(v. 7)

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:(v. 6)

Trust: 0.8

vendor:hitachimodel:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc node eusscope:eqversion:(v. 7.2)

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle access manager 11.1.1.7

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v3.0

Trust: 0.8

vendor:hitachimodel:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v6.2

Trust: 0.8

vendor:hitachimodel:cosminexus developer version 5scope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:(v. 7)

Trust: 0.8

vendor:oraclemodel:exalogic infrastructurescope:eqversion:1.x

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v7.1

Trust: 0.8

vendor:oraclemodel:mysqlscope:lteversion:5.7.12 and earlier

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.1t

Trust: 0.8

vendor:hitachimodel:cosminexus primary serverscope:eqversion:base version 6

Trust: 0.8

vendor:red hatmodel:enterprise linux server ausscope:eqversion:(v. 7.2)

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.2

Trust: 0.8

vendor:opensusemodel:leapscope: - version: -

Trust: 0.8

vendor:necmodel:websamscope:eqversion:7.0

Trust: 0.8

vendor:oraclemodel:secure global desktopscope:eqversion:4.71

Trust: 0.8

vendor:hitachimodel:cosminexus developer standard version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer professional version 6scope: - version: -

Trust: 0.8

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.53

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional for plug-in

Trust: 0.8

vendor:hitachimodel:web serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:- messaging

Trust: 0.8

vendor:necmodel:ip38x/3000scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus application server version 5scope: - version: -

Trust: 0.8

vendor:necmodel:ip38x/1200scope: - version: -

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:st ard v8.2 to v9.4

Trust: 0.8

vendor:oraclemodel:mysqlscope:lteversion:5.6.30 and earlier

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v3.1

Trust: 0.8

vendor:necmodel:websamscope:eqversion:netvisorpro 6.1

Trust: 0.8

vendor:necmodel:ip38x/810scope: - version: -

Trust: 0.8

vendor:necmodel:webotx enterprise service busscope:eqversion:v8.2 to v9.3

Trust: 0.8

vendor:necmodel:ip38x/n500scope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developer lightscope: - version: -

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:/sg series sg3600lm/lg/lj v6.1

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:(v. 6)

Trust: 0.8

vendor:hitachimodel:cosminexus developer light version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:st ard-r

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:(v. 6)

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:necmodel:capssuitescope:eqversion:v3.0 to v4.0

Trust: 0.8

vendor:oraclemodel:secure global desktopscope:eqversion:5.2

Trust: 0.8

vendor:necmodel:univergescope:eqversion:business connect v7.1.1

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v4.0

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11 and later

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope:eqversion:(v. 7.2)

Trust: 0.8

vendor:necmodel:ip38x/sr100scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus application server enterprisescope:eqversion:version 6

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.2h

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:(v. 6)

Trust: 0.8

vendor:hitachimodel:cosminexus primary serverscope:eqversion:version 6

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v8.0

Trust: 0.8

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.55

Trust: 0.8

vendor:necmodel:websamscope:eqversion:6.2

Trust: 0.8

vendor:necmodel:enterprisedirectoryserverscope:eqversion:ver6.1 to v8.0

Trust: 0.8

vendor:necmodel:secureware/pki application development kitscope:eqversion:ver3.2

Trust: 0.8

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.54

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v7.0

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:/sg series intersecvm/sg v1.2

Trust: 0.8

vendor:necmodel:ip38x/1210scope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:express v8.2 to v9.4

Trust: 0.8

vendor:oraclemodel:exalogic infrastructurescope:eqversion:2.x

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:(v. 7)

Trust: 0.8

vendor:hitachimodel:cosminexus application server standardscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:express

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:enterprise v8.2 to v9.4

Trust: 0.8

vendor:hitachimodel:web serverscope:eqversion:- security enhancement

Trust: 0.8

vendor:necmodel:ip38x/3500scope: - version: -

Trust: 0.8

vendor:necmodel:ip38x/fw120scope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:01

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.1

Trust: 0.8

vendor:oraclemodel:secure global desktopscope:eqversion:4.63

Trust: 0.8

vendor:opensusemodel:opensusescope: - version: -

Trust: 0.8

vendor:necmodel:ip38x/5000scope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:v8.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle access manager 10.1.4.x

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:/sg series univerge sg3000lg/lj

Trust: 0.8

sources: JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2105
value: HIGH

Trust: 1.0

NVD: CVE-2016-2105
value: HIGH

Trust: 0.8

VULHUB: VHN-90924
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-2105
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2105
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90924
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-2105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:CWE-189

Trust: 0.9

sources: VULHUB: VHN-90924 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 136958

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002472

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90924

PATCH

title:APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004url:http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

Trust: 0.8

title:HT206903url:https://support.apple.com/en-us/HT206903

Trust: 0.8

title:HT206903url:https://support.apple.com/ja-jp/HT206903

Trust: 0.8

title:HPSBMU03691url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Trust: 0.8

title:SB10160url:https://kc.mcafee.com/corporate/index?page=content&id=SB10160

Trust: 0.8

title:NV16-015url:http://jpn.nec.com/security-info/secinfo/nv16-015.html

Trust: 0.8

title:Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]url:https://www.openssl.org/news/openssl-1.0.1-notes.html

Trust: 0.8

title:Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]url:https://www.openssl.org/news/openssl-1.0.2-notes.html

Trust: 0.8

title:Avoid overflow in EVP_EncodeUpdateurl:https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a

Trust: 0.8

title:EVP_EncodeUpdate overflow (CVE-2016-2105)url:https://www.openssl.org/news/secadv/20160503.txt

Trust: 0.8

title:openSUSE-SU-2016:1566url:https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2016url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2016url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2016 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html

Trust: 0.8

title:Oracle Linux Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - April 2016url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 0.8

title:Oracle VM Server for x86 Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 0.8

title:Oracle Linux Bulletin - April 2016url:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Trust: 0.8

title:RHSA-2016:0722url:http://rhn.redhat.com/errata/RHSA-2016-0722.html

Trust: 0.8

title:RHSA-2016:0996url:http://rhn.redhat.com/errata/RHSA-2016-0996.html

Trust: 0.8

title:SA40202url:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

Trust: 0.8

title:July 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2016_critical_patch_update

Trust: 0.8

title:JSA10759url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

Trust: 0.8

title:TLSA-2016-14url:http://www.turbolinux.co.jp/security/2016/TLSA-2016-14j.html

Trust: 0.8

title:HS16-023url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-023/index.html

Trust: 0.8

title:The Registerurl:https://www.theregister.co.uk/2016/05/03/openssl_patches/

Trust: 0.2

title:Red Hat: Important: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162073 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2016-2105url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2105

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2959-1

Trust: 0.1

title:Debian Security Advisories: DSA-3566-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=055972eb84483959232c972f757685e0

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-695url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-695

Trust: 0.1

title:Tenable Security Advisories: [R5] OpenSSL '20160503' Advisory Affects Tenable Productsurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-10

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSHurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49

Trust: 0.1

title:Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=01fd01e3d154696ffabfde89f4142310

Trust: 0.1

title:Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-13

Trust: 0.1

title:Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=5d65f6765e60e5fe9e6998a5bde1aadc

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=83bbd91f8369c8f064e6d68dac68400f

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

title:Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-18

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2016-2105

Trust: 0.1

title:changelogurl:https://github.com/securityrouter/changelog

Trust: 0.1

title:alpine-cvecheckurl:https://github.com/tomwillfixit/alpine-cvecheck

Trust: 0.1

title: - url:https://github.com/imhunterand/hackerone-publicy-disclosed

Trust: 0.1

title:satellite-host-cveurl:https://github.com/RedHatSatellite/satellite-host-cve

Trust: 0.1

sources: VULMON: CVE-2016-2105 // JVNDB: JVNDB-2016-002472

EXTERNAL IDS

db:NVDid:CVE-2016-2105

Trust: 2.8

db:BIDid:91787

Trust: 1.2

db:BIDid:89757

Trust: 1.2

db:SECTRACKid:1035721

Trust: 1.2

db:MCAFEEid:SB10160

Trust: 1.2

db:PACKETSTORMid:136912

Trust: 1.2

db:TENABLEid:TNS-2016-18

Trust: 1.2

db:SIEMENSid:SSA-412672

Trust: 1.2

db:JUNIPERid:JSA10759

Trust: 1.2

db:JVNid:JVNVU93163809

Trust: 0.8

db:JVNid:JVNVU94844193

Trust: 0.8

db:JVNDBid:JVNDB-2016-002472

Trust: 0.8

db:PACKETSTORMid:143513

Trust: 0.2

db:PACKETSTORMid:138471

Trust: 0.2

db:PACKETSTORMid:136893

Trust: 0.2

db:PACKETSTORMid:139379

Trust: 0.2

db:PACKETSTORMid:140056

Trust: 0.2

db:PACKETSTORMid:136895

Trust: 0.1

db:PACKETSTORMid:142803

Trust: 0.1

db:PACKETSTORMid:138472

Trust: 0.1

db:PACKETSTORMid:136919

Trust: 0.1

db:CNNVDid:CNNVD-201605-081

Trust: 0.1

db:VULHUBid:VHN-90924

Trust: 0.1

db:ICS CERTid:ICSA-22-349-21

Trust: 0.1

db:VULMONid:CVE-2016-2105

Trust: 0.1

db:PACKETSTORMid:138473

Trust: 0.1

db:PACKETSTORMid:136958

Trust: 0.1

db:PACKETSTORMid:139115

Trust: 0.1

sources: VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 139115 // PACKETSTORM: 136893 // PACKETSTORM: 139379 // PACKETSTORM: 143513 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

REFERENCES

url:https://www.openssl.org/news/secadv/20160503.txt

Trust: 1.3

url:https://security.gentoo.org/glsa/201612-16

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-0996.html

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-1648.html

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-1650.html

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html

Trust: 1.2

url:http://www.securityfocus.com/bid/89757

Trust: 1.2

url:http://www.securityfocus.com/bid/91787

Trust: 1.2

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl

Trust: 1.2

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.2

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 1.2

url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Trust: 1.2

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.2

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 1.2

url:https://bto.bluecoat.com/security-advisory/sa123

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.2

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149

Trust: 1.2

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20160504-0001/

Trust: 1.2

url:https://source.android.com/security/bulletin/pixel/2017-11-01

Trust: 1.2

url:https://support.apple.com/ht206903

Trust: 1.2

url:https://www.tenable.com/security/tns-2016-18

Trust: 1.2

url:http://www.debian.org/security/2016/dsa-3566

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html

Trust: 1.2

url:https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc

Trust: 1.2

url:http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2016-0722.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2016-1649.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2016-2056.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2016-2073.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2016-2957.html

Trust: 1.2

url:http://www.securitytracker.com/id/1035721

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2959-1

Trust: 1.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10160

Trust: 1.1

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10759

Trust: 1.1

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us

Trust: 1.1

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us

Trust: 1.1

url:https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2106

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-2105

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93163809/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94844193/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2105

Trust: 0.8

url:http://www.aratana.jp/security/detail.php?id=16

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-2109

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-2107

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-2108

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-2106

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-2105

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5387

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-3110

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-3110

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2176

Trust: 0.3

url:https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5387

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html

Trust: 0.2

url:https://access.redhat.com/security/vulnerabilities/httpoxy

Trust: 0.2

url:https://access.redhat.com/site/documentation/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-2109

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-2108

Trust: 0.2

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.2

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.2

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.2

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.2

url:http://kb.juniper.net/infocenter/index?page=content&amp;id=jsa10759

Trust: 0.1

url:https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a

Trust: 0.1

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&amp;docid=emr_na-hpesbhf03756en_us

Trust: 0.1

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&amp;docid=emr_na-hpesbhf03765en_us

Trust: 0.1

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10160

Trust: 0.1

url:http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2016&amp;m=slackware-security.542103

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2016-2105

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2016:2073

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/securityrouter/changelog

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=47151

Trust: 0.1

url:https://usn.ubuntu.com/2959-1/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3570

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3570

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=distributions&version=2.1.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2180

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2178

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7052

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6306

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6304

Trust: 0.1

url:http://eprint.iacr.org/2016/594.pdf

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6305

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2183

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2842

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2016-2055.html

Trust: 0.1

url:https://access.redhat.com/articles/2688611

Trust: 0.1

url:https://access.redhat.com/solutions/222023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-4000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3183

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3195

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3183

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4393

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4396

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4395

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4542

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4538

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5385

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4070

Trust: 0.1

url:https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4072

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4071

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4541

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4394

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4539

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4540

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4342

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us

Trust: 0.1

url:http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_

Trust: 0.1

sources: VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 139115 // PACKETSTORM: 136893 // PACKETSTORM: 139379 // PACKETSTORM: 143513 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 138471 // PACKETSTORM: 138473 // PACKETSTORM: 136958 // PACKETSTORM: 139115

SOURCES

db:VULHUBid:VHN-90924
db:VULMONid:CVE-2016-2105
db:PACKETSTORMid:138471
db:PACKETSTORMid:138473
db:PACKETSTORMid:140056
db:PACKETSTORMid:136958
db:PACKETSTORMid:139115
db:PACKETSTORMid:136893
db:PACKETSTORMid:139379
db:PACKETSTORMid:143513
db:JVNDBid:JVNDB-2016-002472
db:NVDid:CVE-2016-2105

LAST UPDATE DATE

2026-07-10T19:59:33.750000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-90924date:2022-12-13T00:00:00
db:VULMONid:CVE-2016-2105date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2016-002472date:2017-10-03T00:00:00
db:NVDid:CVE-2016-2105date:2026-06-17T00:43:26.503

SOURCES RELEASE DATE

db:VULHUBid:VHN-90924date:2016-05-05T00:00:00
db:VULMONid:CVE-2016-2105date:2016-05-05T00:00:00
db:PACKETSTORMid:138471date:2016-08-22T23:23:00
db:PACKETSTORMid:138473date:2016-08-22T23:25:00
db:PACKETSTORMid:140056date:2016-12-07T16:37:31
db:PACKETSTORMid:136958date:2016-05-10T17:01:56
db:PACKETSTORMid:139115date:2016-10-12T20:28:07
db:PACKETSTORMid:136893date:2016-05-03T22:55:47
db:PACKETSTORMid:139379date:2016-10-27T19:22:00
db:PACKETSTORMid:143513date:2017-07-26T17:44:00
db:JVNDBid:JVNDB-2016-002472date:2016-05-10T00:00:00
db:NVDid:CVE-2016-2105date:2016-05-05T01:59:01.200