Details of VAR-201605-0075

ID

VAR-201605-0075

CVE

CVE-2016-2105

TITLE

OpenSSL of crypto/evp/encode.c of EVP_EncodeUpdate Integer overflow vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2016-002472

DESCRIPTION

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. ============================================================================ Ubuntu Security Notice USN-2959-1 May 03, 2016 openssl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. (CVE-2016-2106) Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. (CVE-2016-2109) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.1 Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.5 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.19 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.36 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 Advisory ID: RHSA-2016:2054-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Security Fix(es): * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) * A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) * A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34 6. Package List: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server: Source: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm httpd22-2.2.26-56.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm mod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm noarch: jbcs-httpd24-1-3.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm ppc64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-56.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm x86_64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-56.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0 n7n6E5uqbAY0W1AG5Z+9yy8= =6ET2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6.7) - i386, ppc64, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. 6.7): Source: openssl-1.0.1e-42.el6_7.5.src.rpm x86_64: openssl-1.0.1e-42.el6_7.5.i686.rpm openssl-1.0.1e-42.el6_7.5.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.5.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842) * This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185) * This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6

Trust: 2.16

sources: NVD: CVE-2016-2105 // JVNDB: JVNDB-2016-002472 // VULHUB: VHN-90924 // PACKETSTORM: 136895 // PACKETSTORM: 139114 // PACKETSTORM: 139167 // PACKETSTORM: 139116 // PACKETSTORM: 140182

AFFECTED PRODUCTS

vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.6
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.12.14	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1s	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.7.12	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	5.11.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.4.4	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.30	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.10.45	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	nec	model:	esmpro/serveragentservice	scope:	eq	version:	all versions (linux)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	foundation v8.2 to v8.5	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node eus	scope:	eq	version:	(v. 7.2)	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle access manager 11.1.1.7	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v3.0	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server smart edition	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v6.2	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer version 5	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	1.x	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v7.1	Trust: 0.8
vendor:	oracle	model:	mysql	scope:	lte	version:	5.7.12 and earlier	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1t	Trust: 0.8
vendor:	hitachi	model:	cosminexus primary server	scope:	eq	version:	base version 6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server aus	scope:	eq	version:	(v. 7.2)	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.2	Trust: 0.8
vendor:	opensuse	model:	leap	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	websam	scope:	eq	version:	7.0	Trust: 0.8
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.71	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer standard version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer professional version 6	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.53	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional for plug-in	Trust: 0.8
vendor:	hitachi	model:	web server	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	- messaging	Trust: 0.8
vendor:	nec	model:	ip38x/3000	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server version 5	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ip38x/1200	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	st ard v8.2 to v9.4	Trust: 0.8
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.30 and earlier	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v3.1	Trust: 0.8
vendor:	nec	model:	websam	scope:	eq	version:	netvisorpro 6.1	Trust: 0.8
vendor:	nec	model:	ip38x/810	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	webotx enterprise service bus	scope:	eq	version:	v8.2 to v9.3	Trust: 0.8
vendor:	nec	model:	ip38x/n500	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer light	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	/sg series sg3600lm/lg/lj v6.1	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer light version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	st ard-r	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	none	Trust: 0.8
vendor:	nec	model:	capssuite	scope:	eq	version:	v3.0 to v4.0	Trust: 0.8
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.2	Trust: 0.8
vendor:	nec	model:	univerge	scope:	eq	version:	business connect v7.1.1	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v4.0	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 and later	Trust: 0.8
vendor:	red hat	model:	enterprise linux server eus	scope:	eq	version:	(v. 7.2)	Trust: 0.8
vendor:	nec	model:	ip38x/sr100	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server enterprise	scope:	eq	version:	version 6	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2h	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	cosminexus primary server	scope:	eq	version:	version 6	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v8.0	Trust: 0.8
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.55	Trust: 0.8
vendor:	nec	model:	websam	scope:	eq	version:	6.2	Trust: 0.8
vendor:	nec	model:	enterprisedirectoryserver	scope:	eq	version:	ver6.1 to v8.0	Trust: 0.8
vendor:	nec	model:	secureware/pki application development kit	scope:	eq	version:	ver3.2	Trust: 0.8
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.54	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v7.0	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	/sg series intersecvm/sg v1.2	Trust: 0.8
vendor:	nec	model:	ip38x/1210	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	express v8.2 to v9.4	Trust: 0.8
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	2.x	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server standard	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	express	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	enterprise v8.2 to v9.4	Trust: 0.8
vendor:	hitachi	model:	web server	scope:	eq	version:	- security enhancement	Trust: 0.8
vendor:	nec	model:	ip38x/3500	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ip38x/fw120	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	01	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.1	Trust: 0.8
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.63	Trust: 0.8
vendor:	opensuse	model:	opensuse	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ip38x/5000	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v8.2	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle access manager 10.1.4.x	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	/sg series univerge sg3000lg/lj	Trust: 0.8

sources: CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2105
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-2105
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201605-081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90924
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90924
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-2105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-90924 // CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	CWE-189	Trust: 0.9

sources: VULHUB: VHN-90924 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136895 // CNNVD: CNNVD-201605-081

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201605-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002472

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90924

PATCH

title:	APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/en-us/HT206903	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/ja-jp/HT206903	Trust: 0.8
title:	HPSBMU03691	url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Trust: 0.8
title:	SB10160	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10160	Trust: 0.8
title:	NV16-015	url:	http://jpn.nec.com/security-info/secinfo/nv16-015.html	Trust: 0.8
title:	Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]	url:	https://www.openssl.org/news/openssl-1.0.1-notes.html	Trust: 0.8
title:	Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]	url:	https://www.openssl.org/news/openssl-1.0.2-notes.html	Trust: 0.8
title:	Avoid overflow in EVP_EncodeUpdate	url:	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 0.8
title:	EVP_EncodeUpdate overflow (CVE-2016-2105)	url:	https://www.openssl.org/news/secadv/20160503.txt	Trust: 0.8
title:	openSUSE-SU-2016:1566	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html	Trust: 0.8
title:	Oracle Linux Bulletin - July 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - April 2016	url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 0.8
title:	Oracle VM Server for x86 Bulletin - July 2016	url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 0.8
title:	Oracle Linux Bulletin - April 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Trust: 0.8
title:	RHSA-2016:0722	url:	http://rhn.redhat.com/errata/RHSA-2016-0722.html	Trust: 0.8
title:	RHSA-2016:0996	url:	http://rhn.redhat.com/errata/RHSA-2016-0996.html	Trust: 0.8
title:	SA40202	url:	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202	Trust: 0.8
title:	July 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2016_critical_patch_update	Trust: 0.8
title:	JSA10759	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Trust: 0.8
title:	TLSA-2016-14	url:	http://www.turbolinux.co.jp/security/2016/TLSA-2016-14j.html	Trust: 0.8
title:	HS16-023	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-023/index.html	Trust: 0.8
title:	OpenSSL Fixes for integer overflow vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=61406	Trust: 0.6

sources: CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2105	Trust: 3.0
db:	BID	id:	91787	Trust: 1.7
db:	BID	id:	89757	Trust: 1.7
db:	SECTRACK	id:	1035721	Trust: 1.7
db:	MCAFEE	id:	SB10160	Trust: 1.7
db:	PACKETSTORM	id:	136912	Trust: 1.7
db:	TENABLE	id:	TNS-2016-18	Trust: 1.7
db:	SIEMENS	id:	SSA-412672	Trust: 1.7
db:	JUNIPER	id:	JSA10759	Trust: 1.7
db:	JVN	id:	JVNVU93163809	Trust: 0.8
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002472	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-081	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2148	Trust: 0.6
db:	PACKETSTORM	id:	136895	Trust: 0.2
db:	PACKETSTORM	id:	143513	Trust: 0.1
db:	PACKETSTORM	id:	138471	Trust: 0.1
db:	PACKETSTORM	id:	142803	Trust: 0.1
db:	PACKETSTORM	id:	138472	Trust: 0.1
db:	PACKETSTORM	id:	136893	Trust: 0.1
db:	PACKETSTORM	id:	136919	Trust: 0.1
db:	PACKETSTORM	id:	139379	Trust: 0.1
db:	PACKETSTORM	id:	140056	Trust: 0.1
db:	VULHUB	id:	VHN-90924	Trust: 0.1
db:	PACKETSTORM	id:	139114	Trust: 0.1
db:	PACKETSTORM	id:	139167	Trust: 0.1
db:	PACKETSTORM	id:	139116	Trust: 0.1
db:	PACKETSTORM	id:	140182	Trust: 0.1

sources: VULHUB: VHN-90924 // PACKETSTORM: 136895 // PACKETSTORM: 139114 // PACKETSTORM: 139167 // PACKETSTORM: 139116 // PACKETSTORM: 140182 // CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

REFERENCES

url:	http://www.securityfocus.com/bid/89757	Trust: 2.3
url:	http://www.securityfocus.com/bid/91787	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3566	Trust: 2.3
url:	http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html	Trust: 2.3
url:	http://rhn.redhat.com/errata/rhsa-2016-2056.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2073.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2957.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2959-1	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa123	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20160504-0001/	Trust: 1.7
url:	https://source.android.com/security/bulletin/pixel/2017-11-01	Trust: 1.7
url:	https://support.apple.com/ht206903	Trust: 1.7
url:	https://www.openssl.org/news/secadv/20160503.txt	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-18	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html	Trust: 1.7
url:	https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc	Trust: 1.7
url:	https://security.gentoo.org/glsa/201612-16	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-0722.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-0996.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1648.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1649.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1650.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1035721	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Trust: 1.7
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 1.6
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 1.6
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 1.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.6
url:	https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93163809/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94844193/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2105	Trust: 0.8
url:	http://www.aratana.jp/security/detail.php?id=16	Trust: 0.8
url:	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887855	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2148/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2108	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2109	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2106	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2105	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2109	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2106	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2105	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2108	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2107	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-4459	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-3195	Trust: 0.3
url:	https://access.redhat.com/articles/2688611	Trust: 0.2
url:	https://access.redhat.com/solutions/222023	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4459	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4000	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4000	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3183	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3110	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-3183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3110	Trust: 0.2
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-2107	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-2842	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-0799	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 0.1
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.36	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-2054.html	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2842	Trust: 0.1
url:	https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4448	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3216	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-8176	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-6808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1835	Trust: 0.1
url:	https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1839	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4483	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-3523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-1148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3185	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1836	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3185	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3194	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1833	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=distributions&version=2.4.23	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8176	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1836	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1762	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4449	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0286	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1762	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5420	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3194	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0286	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3627	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2012-1148	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1837	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1834	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0209	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1839	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5419	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0209	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0702	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3216	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1833	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1834	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4447	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-7141	Trust: 0.1

CREDITS

Guido Vranken

Trust: 0.6

sources: CNNVD: CNNVD-201605-081

SOURCES

db:	VULHUB	id:	VHN-90924
db:	PACKETSTORM	id:	136895
db:	PACKETSTORM	id:	139114
db:	PACKETSTORM	id:	139167
db:	PACKETSTORM	id:	139116
db:	PACKETSTORM	id:	140182
db:	CNNVD	id:	CNNVD-201605-081
db:	JVNDB	id:	JVNDB-2016-002472
db:	NVD	id:	CVE-2016-2105

LAST UPDATE DATE

2026-06-19T22:16:14.150000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90924	date:	2022-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201605-081	date:	2022-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002472	date:	2017-10-03T00:00:00
db:	NVD	id:	CVE-2016-2105	date:	2026-06-17T00:43:26.503

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90924	date:	2016-05-05T00:00:00
db:	PACKETSTORM	id:	136895	date:	2016-05-03T22:56:05
db:	PACKETSTORM	id:	139114	date:	2016-10-12T20:16:45
db:	PACKETSTORM	id:	139167	date:	2016-10-18T13:58:46
db:	PACKETSTORM	id:	139116	date:	2016-10-12T23:44:55
db:	PACKETSTORM	id:	140182	date:	2016-12-16T16:34:49
db:	CNNVD	id:	CNNVD-201605-081	date:	2016-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-002472	date:	2016-05-10T00:00:00
db:	NVD	id:	CVE-2016-2105	date:	2016-05-05T01:59:01.200