Sign-up

ID

VAR-201711-0007


CVE

CVE-2016-8610


TITLE

OpenSSL  Service operation interruption in  (DoS)  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008860

DESCRIPTION

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 2 security update Advisory ID: RHSA-2017:2493-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:2493 Issue date: 2017-08-21 CVE Names: CVE-2016-6304 CVE-2016-8610 CVE-2017-5647 CVE-2017-5664 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server - i386, noarch, x86_64 Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server - noarch, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es): * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2016-8610) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. 4. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism 6. Package List: Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server: Source: jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.src.rpm tomcat6-6.0.41-17_patch_04.ep6.el6.src.rpm tomcat7-7.0.54-25_patch_05.ep6.el6.src.rpm i386: jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.i686.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.i686.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.i686.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.i686.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.i686.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6.i686.rpm noarch: tomcat6-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-admin-webapps-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-docs-webapp-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-el-2.1-api-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-javadoc-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-lib-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-log4j-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-maven-devel-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat6-webapps-6.0.41-17_patch_04.ep6.el6.noarch.rpm tomcat7-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-admin-webapps-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-docs-webapp-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-el-2.2-api-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-javadoc-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-lib-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-log4j-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-maven-devel-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.54-25_patch_05.ep6.el6.noarch.rpm tomcat7-webapps-7.0.54-25_patch_05.ep6.el6.noarch.rpm x86_64: jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6.x86_64.rpm Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server: Source: jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm tomcat6-6.0.41-17_patch_04.ep6.el7.src.rpm tomcat7-7.0.54-25_patch_05.ep6.el7.src.rpm noarch: tomcat6-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-admin-webapps-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-docs-webapp-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-el-2.1-api-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-javadoc-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-jsp-2.1-api-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-lib-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-log4j-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-maven-devel-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-servlet-2.5-api-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat6-webapps-6.0.41-17_patch_04.ep6.el7.noarch.rpm tomcat7-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-admin-webapps-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-docs-webapp-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-el-2.2-api-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-javadoc-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-jsp-2.2-api-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-lib-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-log4j-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-maven-devel-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-servlet-3.0-api-7.0.54-25_patch_05.ep6.el7.noarch.rpm tomcat7-webapps-7.0.54-25_patch_05.ep6.el7.noarch.rpm x86_64: jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2017-5647 https://access.redhat.com/security/cve/CVE-2017-5664 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3155411 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZmv6+XlSAg2UNWIIRAnfkAKCXeBF/SRuTjBPWP1kPzZI9k5sZbwCfQnpQ Fnzv/F9hzl2vEOAMvBOv7WE= =hnQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3773-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service. For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u6. For the unstable distribution (sid), these problems have been fixed in version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 of the openssl1.0 source package. We recommend that you upgrade your openssl packages. This release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update to take effect. (CVE-2016-6304) * It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-8610) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. =========================================================================== Ubuntu Security Notice USN-3183-2 March 20, 2017 gnutls26 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: GnuTLS could be made to hang if it received specially crafted network traffic. Software Description: - gnutls26: GNU TLS library Details: USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libgnutls26 2.12.23-12ubuntu2.7 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.14 In general, a standard system update will make all the necessary changes

Trust: 2.7

sources: NVD: CVE-2016-8610 // JVNDB: JVNDB-2016-008860 // BID: 93841 // VULHUB: VHN-97430 // VULMON: CVE-2016-8610 // PACKETSTORM: 143874 // PACKETSTORM: 143176 // PACKETSTORM: 143873 // PACKETSTORM: 140781 // PACKETSTORM: 143181 // PACKETSTORM: 141708 // PACKETSTORM: 140890

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.1

Trust: 2.4

vendor:opensslmodel:opensslscope:eqversion:0.9.8

Trust: 2.4

vendor:opensslmodel:opensslscope:eqversion:1.1.0

Trust: 1.8

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:netappmodel:snapcenter serverscope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp3070

Trust: 1.0

vendor:fujitsumodel:m12-1scope:gteversion:xcp3000

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:gteversion:xcp3000

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp3070

Trust: 1.0

vendor:netappmodel:data ontapscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.0.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.40

Trust: 1.0

vendor:netappmodel:smi-s providerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.1.3.0.0

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp2361

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp2361

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:netappmodel:oncommand unified managerscope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:gteversion:xcp3000

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp2361

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp3070

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:oraclemodel:core rdbmsscope:eqversion:18c

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:core rdbmsscope:eqversion:12.2.0.1

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4scope:gteversion:xcp3000

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:netappmodel:cn1610scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:oraclemodel:adaptive access managerscope:eqversion:11.1.2.3.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:netappmodel:storagegrid webscalescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp2361

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 1.0

vendor:paloaltonetworksmodel:pan-osscope:gteversion:7.1.0

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:1.0.2h

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:netappmodel:data ontap edgescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0.3

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:paloaltonetworksmodel:pan-osscope:lteversion:7.1.10

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp2361

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.4.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:10.3.6.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp3070

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:netappmodel:oncommand balancescope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:netappmodel:storagegridscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:fujitsumodel:m10-1scope:gteversion:xcp3000

Trust: 1.0

vendor:oraclemodel:timesten in-memory databasescope:ltversion:18.1.4.1.0

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:oraclemodel:communications ip service activatorscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:goldengate application adaptersscope:eqversion:12.3.2.1.0

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp3070

Trust: 1.0

vendor:oraclemodel:core rdbmsscope:eqversion:19c

Trust: 1.0

vendor:oraclemodel:communications analyticsscope:eqversion:12.1.1

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:fujitsumodel:m12-2scope:gteversion:xcp3000

Trust: 1.0

vendor:netappmodel:ontap select deployscope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp3070

Trust: 1.0

vendor:netappmodel:host agentscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:core rdbmsscope:eqversion:12.1.0.2

Trust: 1.0

vendor:netappmodel:snapdrivescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications ip service activatorscope:eqversion:7.3.4

Trust: 1.0

vendor:netappmodel:service processorscope:eqversion: -

Trust: 1.0

vendor:paloaltonetworksmodel:pan-osscope:gteversion:7.0.0

Trust: 1.0

vendor:oraclemodel:core rdbmsscope:eqversion:11.2.0.4

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp2361

Trust: 1.0

vendor:paloaltonetworksmodel:pan-osscope:lteversion:7.0.15

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:paloaltonetworksmodel:pan-osscope:lteversion:6.1.17

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2 to 1.0.2h

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion: -

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.2b

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2a

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2c

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2d

Trust: 0.6

vendor:ubuntumodel:linuxscope:eqversion:16.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:jboss web serverscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:jboss core services on rhel serverscope:eqversion:70

Trust: 0.3

vendor:redhatmodel:jboss core services on rhel serverscope:eqversion:60

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.1

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.15

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.14

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.13

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.12

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.11

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.10

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.5

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.4

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.1

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.9

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.8

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:7.0.7

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.2

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2escope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2ascope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1uscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1tscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1sscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1rscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1qscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1pscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1oscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1nscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1mscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1lscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1kscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1jscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1iscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1escope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1ascope: - version: -

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zhscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zgscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zfscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zescope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zdscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zcscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zbscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8zascope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8yscope: - version: -

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.8x

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8wscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8uscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8tscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8sscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8rscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8qscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8pscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8oscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8nscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8mscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8lscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.8v

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for unixscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.4.4

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.4.3

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.4.8.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.4.6.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.9.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.8.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.7.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.6.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.3

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.2.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:5.3.10.0

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:eqversion:4.2.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.2.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.7

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.13

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.12

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.16

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.15

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.14

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.13

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.12

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:paloaltonetworksmodel:pan-osscope:neversion:7.0.16

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0bscope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2jscope:neversion: -

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for unix 4.1.0.4.ifix085scope:neversion: -

Trust: 0.3

vendor:ibmmodel:netezza host managementscope:neversion:5.4.9.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.5.2.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.5.1.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.5.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.2.0.11

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.1.0.14

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.0.0.17

Trust: 0.3

sources: BID: 93841 // CNNVD: CNNVD-201610-726 // JVNDB: JVNDB-2016-008860 // NVD: CVE-2016-8610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8610
value: HIGH

Trust: 1.0

NVD: CVE-2016-8610
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-726
value: HIGH

Trust: 0.6

VULHUB: VHN-97430
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-8610
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8610
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-97430
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8610
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-8610
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-97430 // VULMON: CVE-2016-8610 // CNNVD: CNNVD-201610-726 // JVNDB: JVNDB-2016-008860 // NVD: CVE-2016-8610

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-399

Trust: 0.1

sources: VULHUB: VHN-97430 // JVNDB: JVNDB-2016-008860 // NVD: CVE-2016-8610

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 141708 // PACKETSTORM: 140890 // CNNVD: CNNVD-201610-726

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201610-726

PATCH

title:Don't allow too many consecutive warning alerts Red hat Red Hat Bugzillaurl:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401

Trust: 0.8

title:OpenSSL Remediation measures for denial of service vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=65089

Trust: 0.6

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170286 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171659 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: gnutls security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170574 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171658 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171414 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171415 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171413 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-3773-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=9f660812dd6a423f7e72aa57751d0031

Trust: 0.1

title:Red Hat: CVE-2016-8610url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-8610

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-803url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-803

Trust: 0.1

title:Ubuntu Security Notice: gnutls26 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3183-2

Trust: 0.1

title:Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3183-1

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3181-1

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171801 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171802 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-815url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-815

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=ecbe5f193404d1e9c62e8323118ae6cf

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=04299a624c15ae57f9f110f484bc5f66

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6839c4d3fd328571c675c335d58b5591

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=d78b3379ca364568964f30138964c7e7

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=bf8deceb640f4a0fee008855afe6aa85

Trust: 0.1

title:CVE-2016-8610-PoCurl:https://github.com/cujanovic/CVE-2016-8610-PoC

Trust: 0.1

sources: VULMON: CVE-2016-8610 // CNNVD: CNNVD-201610-726 // JVNDB: JVNDB-2016-008860

EXTERNAL IDS

db:NVDid:CVE-2016-8610

Trust: 4.4

db:BIDid:93841

Trust: 2.1

db:SECTRACKid:1037084

Trust: 1.8

db:JVNDBid:JVNDB-2016-008860

Trust: 0.8

db:CNNVDid:CNNVD-201610-726

Trust: 0.7

db:AUSCERTid:ESB-2019.2173

Trust: 0.6

db:PACKETSTORMid:141173

Trust: 0.1

db:PACKETSTORMid:141752

Trust: 0.1

db:SEEBUGid:SSVID-92490

Trust: 0.1

db:VULHUBid:VHN-97430

Trust: 0.1

db:VULMONid:CVE-2016-8610

Trust: 0.1

db:PACKETSTORMid:143874

Trust: 0.1

db:PACKETSTORMid:143176

Trust: 0.1

db:PACKETSTORMid:143873

Trust: 0.1

db:PACKETSTORMid:140781

Trust: 0.1

db:PACKETSTORMid:143181

Trust: 0.1

db:PACKETSTORMid:141708

Trust: 0.1

db:PACKETSTORMid:140890

Trust: 0.1

sources: VULHUB: VHN-97430 // VULMON: CVE-2016-8610 // BID: 93841 // PACKETSTORM: 143874 // PACKETSTORM: 143176 // PACKETSTORM: 143873 // PACKETSTORM: 140781 // PACKETSTORM: 143181 // PACKETSTORM: 141708 // PACKETSTORM: 140890 // CNNVD: CNNVD-201610-726 // JVNDB: JVNDB-2016-008860 // NVD: CVE-2016-8610

REFERENCES

url:http://www.securityfocus.com/bid/93841

Trust: 2.4

url:http://seclists.org/oss-sec/2016/q4/224

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2017:1658

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2017-1659.html

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2493

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2494

Trust: 1.9

url:http://www.securitytracker.com/id/1037084

Trust: 1.8

url:https://www.debian.org/security/2017/dsa-3773

Trust: 1.8

url:https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2017-0286.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2017-0574.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:1413

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:1414

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2017-1415.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:1801

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:1802

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610

Trust: 1.8

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401

Trust: 1.8

url:https://security.360.cn/cve/cve-2016-8610/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20171130-0001/

Trust: 1.8

url:https://security.paloaltonetworks.com/cve-2016-8610

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.8

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03897en_us

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2016-8610

Trust: 1.5

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401

Trust: 0.9

url:https://securityadvisories.paloaltonetworks.com/home/detail/87

Trust: 0.9

url:https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2173/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-6304

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-6304

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-8610

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:http://openssl.org/

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21994867

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21996760

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21997209

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-5664

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-5647

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-5647

Trust: 0.2

url:https://access.redhat.com/articles/3155411

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-5664

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/articles/2688611

Trust: 0.2

url:https://access.redhat.com/solutions/222023

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-2178

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2178

Trust: 0.2

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-2177

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-5334

Trust: 0.2

url:http://www.ubuntu.com/usn/usn-3183-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-7444

Trust: 0.2

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&amp;docid=emr_na-hpesbhf03897en_us

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://github.com/cujanovic/cve-2016-8610-poc

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=49575

Trust: 0.1

url:https://usn.ubuntu.com/3183-2/

Trust: 0.1

url:https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=2.1.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3731

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7056

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.7

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3183-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.6

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5336

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gnutls28/3.5.3-5ubuntu1.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5335

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.13

Trust: 0.1

sources: VULHUB: VHN-97430 // VULMON: CVE-2016-8610 // BID: 93841 // PACKETSTORM: 143874 // PACKETSTORM: 143176 // PACKETSTORM: 143873 // PACKETSTORM: 140781 // PACKETSTORM: 143181 // PACKETSTORM: 141708 // PACKETSTORM: 140890 // CNNVD: CNNVD-201610-726 // JVNDB: JVNDB-2016-008860 // NVD: CVE-2016-8610

CREDITS

Shi Lei from Gear Team, Qihoo 360 Inc.

Trust: 0.9

sources: BID: 93841 // CNNVD: CNNVD-201610-726

SOURCES

db:VULHUBid:VHN-97430
db:VULMONid:CVE-2016-8610
db:BIDid:93841
db:PACKETSTORMid:143874
db:PACKETSTORMid:143176
db:PACKETSTORMid:143873
db:PACKETSTORMid:140781
db:PACKETSTORMid:143181
db:PACKETSTORMid:141708
db:PACKETSTORMid:140890
db:CNNVDid:CNNVD-201610-726
db:JVNDBid:JVNDB-2016-008860
db:NVDid:CVE-2016-8610

LAST UPDATE DATE

2025-12-22T20:37:17.921000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-97430date:2023-02-12T00:00:00
db:VULMONid:CVE-2016-8610date:2023-02-12T00:00:00
db:BIDid:93841date:2017-08-22T08:11:00
db:CNNVDid:CNNVD-201610-726date:2023-02-13T00:00:00
db:JVNDBid:JVNDB-2016-008860date:2024-02-27T03:18:00
db:NVDid:CVE-2016-8610date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:VULHUBid:VHN-97430date:2017-11-13T00:00:00
db:VULMONid:CVE-2016-8610date:2017-11-13T00:00:00
db:BIDid:93841date:2016-10-24T00:00:00
db:PACKETSTORMid:143874date:2017-08-22T05:29:02
db:PACKETSTORMid:143176date:2017-06-28T22:12:00
db:PACKETSTORMid:143873date:2017-08-22T05:28:16
db:PACKETSTORMid:140781date:2017-01-30T16:58:54
db:PACKETSTORMid:143181date:2017-06-28T22:37:00
db:PACKETSTORMid:141708date:2017-03-20T23:36:43
db:PACKETSTORMid:140890date:2017-02-02T02:05:34
db:CNNVDid:CNNVD-201610-726date:2016-10-25T00:00:00
db:JVNDBid:JVNDB-2016-008860date:2017-12-01T00:00:00
db:NVDid:CVE-2016-8610date:2017-11-13T22:29:00.203