CVE-2016-0800
Published 2016-03-01
Priority P265 · medium · 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 82.11% (99.6th percentile)
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nss | < nss 3.13 (bookworm) | nss 3.13 (bookworm) |
| debian | openssl | < nss 3.13 (bookworm) | nss 3.13 (bookworm) |
| debian | openssl | < openssl 1.0.0c-2 (bookworm) | openssl 1.0.0c-2 (bookworm) |
| mozilla | nss | >= 0 < 3.13 | 3.13 |
| mozilla | nss | >= 0 < 3.13 | 3.13 |
| mozilla | nss | >= 0 < 3.13 | 3.13 |
| mozilla | nss | >= 0 < 3.13 | 3.13 |
| openssl | openssl | <= 0.9.8ze | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
Detection & IOCs
- Use Nessus plugin 89058 to remotely detect the SSL DROWN Attack Vulnerability (CVE-2016-0800)
- Use Nessus plugin 89081 to detect OpenSSL 1.0.1 < 1.0.1s on web servers as vulnerable to DROWN
- Use Nessus plugin 89082 to detect OpenSSL 1.0.2 < 1.0.2g on web servers as vulnerable to DROWN
- Use PVS/Nessus Network Monitor plugin 9127 to passively detect SSLv2 Cross-Protocol Session Decryption (DROWN) on monitored traffic
- Use PVS/Nessus Network Monitor plugin 9128 to passively detect OpenSSL 1.0.1 < 1.0.1s / 1.0.2 < 1.0.2g DROWN vulnerability
- CVE-2016-0703 (special OpenSSL variant) greatly amplifies DROWN attack speed and also exposes all other hostnames in the server's certificate, beyond just RSA-key-sharing servers
- CVE-2015-3197 allows a DROWN attacker to connect to a server with SSLv2 cipher suites disabled as long as SSLv2 protocol support itself is still enabled, widening the attack surface
- At time of disclosure (March 1, 2016), 33% of all HTTPS sites were affected; scan data from Censys used by SSL Labs may be stale — real-time checks are required for accurate assessment
CVSS provenance
nvd v3.0: 5.9 MEDIUM, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd v2.0: 4.3 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:N
osv: 5.9 MEDIUM
vendor_debian: 5.9 MEDIUM
vendor_redhat: 5.9 MEDIUM
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
CISA ICS
Siemens Industrial Products DROWN Vulnerability (Update C)
cisa_ics·2017-06-15
ICS Advisory
Last Revised: November 28, 2017
Alert Code: ICSA-16-103-03C
## OVERVIEW
This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site.
Siemens has found that a DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack [The DROWN Attack, https://drownattack.com/, web site last accessed April 12, 2016] can affect some Siemens industrial products under certain conditions. Siemens recomm
Palo Alto
PAN-SA-2016-0030 OpenSSL Vulnerabilities
vendor_paloalto·2016-10-18·CVSS 5.9
CVE-2016-0703 [MEDIUM] CWE-200 PAN-SA-2016-0030 OpenSSL Vulnerabilities
The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-55477/92481)
The OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from moderate to high but have not been shown to be exploitable at the time of this advisory.
This issue affects PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier
| CVE | CVSS | Summary |
|---|---|---|
| CVE-2016-0703 | 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 |
BSD
FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities
bsd_advisories·2016-03-10·CVSS 5.1
CVE-2016-0702 [MEDIUM] FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities
FreeBSD-SA-16:12.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2016-03-10
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-03-04 00:40:15 UTC (stable/10, 10.2-BETA3)
2016-03-03 07:30:55 UTC (releng/10.2, 10.2-RELEASE-p13)
2016-03-03 07:30:55 UTC (releng/10.1, 10.1-RELEASE-p30)
2016-03-10 03:58:48 UTC (stable/9, 9.3-STABLE)
2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
CVE Name: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco·2016-03-02
CVE-2016-0702 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.
DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.
To execute a successful DROWN attack, the attacker m
Red Hat
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
vendor_redhat·2016-03-01·CVSS 5.9
CVE-2016-0704 [MEDIUM] openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle.
Package: openssl097a (Red Hat Enterprise Linux 5
Red Hat
openssl: Divide-and-conquer session key recovery in SSLv2
vendor_redhat·2016-03-01·CVSS 5.9
CVE-2016-0703 [MEDIUM] openssl: Divide-and-conquer session key recovery in SSLv2
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.
Package: ope
Red Hat
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
vendor_redhat·2016-03-01·CVSS 5.9
CVE-2016-0800 [MEDIUM] SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.
Package: nss (Red Hat Enterprise Linux 5)
Ivanti
Ivanti Security Advisory: CVE-2016-0800
vendor_ivanti·2016-03-01·CVSS 5.9
CVE-2016-0800 [MEDIUM] CWE-200 Ivanti Security Advisory: CVE-2016-0800
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
CVE IDs: CVE-2016-0800
CVSS Base Score: 5.9
Severity: MEDIUM
CWEs: CWE-200, CWE-310
Debian
CVE-2016-0800: nss - The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and...
vendor_debian·2016·CVSS 5.9
CVE-2016-0800 [MEDIUM] CVE-2016-0800: nss - The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and...
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Scope: local
bookworm: resolved (fixed in 3.13)
bullseye: resolved (fixed in 3.13)
forky: resolved (fixed in 3.13)
sid: resolved (fixed in 3.13)
trixie: resolved (fixed in 3.13)
Debian
CVE-2016-0703: openssl - The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in O...
vendor_debian·2016·CVSS 5.9
CVE-2016-0703 [MEDIUM] CVE-2016-0703: openssl - The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in O...
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
Scope: local
bookworm: resolved (fixed in 1.0.0c-2)
bullseye: resolved (fixed in 1.0.0c-2)
forky: resolved (fixed in 1.0.0c-2)
sid: resolved (fixed in 1.0.0c-2)
trixie: resolved (fixed in 1.0.0c-2)
Debian
CVE-2016-0704: openssl - An oracle protection mechanism in the get_client_master_key function in s2_srvr....
vendor_debian·2016·CVSS 5.9
CVE-2016-0704 [MEDIUM] CVE-2016-0704: openssl - An oracle protection mechanism in the get_client_master_key function in s2_srvr....
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
Scope: local
bookworm: resolved (fixed in 1.0.0c-2)
bullseye: resolved (fixed in 1.0.0c-2)
forky: resolved (fixed in 1.0.0c-2)
sid: resolved (fixed in 1.0.0c-2)
trixie: resolved (fixed in 1.0.0c-2)
GHSA
GHSA-m84j-fv95-cmq3: An oracle protection mechanism in the get_client_master_key function in s2_srvr
ghsa_unreviewed·2022-05-14·CVSS 5.9
CVE-2016-0704 [MEDIUM] CWE-200 GHSA-m84j-fv95-cmq3: An oracle protection mechanism in the get_client_master_key function in s2_srvr
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
GHSA
GHSA-jqfv-c9gp-wf8f: The get_client_master_key function in s2_srvr
ghsa_unreviewed·2022-05-13·CVSS 5.9
CVE-2016-0703 [MEDIUM] CWE-200 GHSA-jqfv-c9gp-wf8f: The get_client_master_key function in s2_srvr
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
GHSA
GHSA-fqw2-3v24-gc79: The SSLv2 protocol, as used in OpenSSL before 1
ghsa_unreviewed·2022-05-13
CVE-2016-0800 [MEDIUM] CWE-200 GHSA-fqw2-3v24-gc79: The SSLv2 protocol, as used in OpenSSL before 1
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
OSV
CVE-2016-0704: An oracle protection mechanism in the get_client_master_key function in s2_srvr
osv·2016-03-02·CVSS 5.9
CVE-2016-0704 [MEDIUM] CVE-2016-0704: An oracle protection mechanism in the get_client_master_key function in s2_srvr
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
OSV
CVE-2016-0703: The get_client_master_key function in s2_srvr
osv·2016-03-02·CVSS 5.9
CVE-2016-0703 [MEDIUM] CVE-2016-0703: The get_client_master_key function in s2_srvr
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
OSV
CVE-2016-0800: The SSLv2 protocol, as used in OpenSSL before 1
osv·2016-03-01·CVSS 5.9
CVE-2016-0800 [MEDIUM] CVE-2016-0800: The SSLv2 protocol, as used in OpenSSL before 1
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
No detection rules found.
Tenable
Top 12 Tenable Blogs for 2016
blogs_tenable·2016-12-28·CVSS 5.9
[MEDIUM] Top 12 Tenable Blogs for 2016
# Top 12 Tenable Blogs for 2016
Eileen Bator
December 28, 2016
As the year draws to a close, we’d like to share our most popular blogs from 2016. From UPnP detection to Mr. Robot exploits, our readers were most interested in the technical details of cybersecurity issues. But there’s something for everyone in our top 12 blogs of 2016:
1. Hunting for Web Shells – Jacob Baines 12/20/16
2. Do You Know Where Your UPnP Is? - Jacob Baines 10/20/16
3. Expanding on a Known Vulnerability: Attacking with Jython - Jacob Baines 9/7/16
4. Threat Hunting with YARA and Nessus - Jacob Baines 7/20/16
5. Tenable Automates NIST Cybersecurity Framework Technical Controls - Ted Gary 3/1/16
6. Mr. Robot vs. the Android - Andrew Freeborn 8/31/16
7. New in Nessus 6.6 - Diane Garey
Tenable
New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN
blogs_tenable·2016-03-07·CVSS 5.9
CVE-2016-0800 [MEDIUM] New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN
# New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN
Kelly Prevett
March 7, 2016
No matter which product you have, Nessus®, SecurityCenter™, SecurityCenter CV™, or Passive Vulnerability Scanner™, Tenable can determine if you are at risk of “drowning.”
The DROWN CVE-2016-0800 vulnerability is a cross protocol vulnerability that enables an attacker to decrypt TLS connections between up-to-date clients and servers by sending packets to any server that supports SSLv2 using the same private key.
The DROWN vulnerability’s impact is made worse by two additional OpenSSL implementation vulnerabilities:
- CVE-2015-3197, which allows a DROWN attacker to connect to the server with disabled SSLv2 ciphersuites, provided that support for SSLv2 itself is
Qualys
SSL Labs DROWN Test Implementation Details | Qualys
blogs_qualys·2016-03-04·CVSS 5.9
[MEDIUM] SSL Labs DROWN Test Implementation Details | Qualys
Two days ago the DROWN vulnerability came to light, showing new ways to attack TLS. SSL Labs deployed tests for DROWN in the staging environment yesterday, and we’ll be pushing it to production shortly. Because DROWN is a tricky problem, the aim of this blog post is to provide an explanation of what we test for and how exactly.
First of all, we have known SSL v2 to be insecure for a very long time—over 20 years. As a result, even before DROWN SSL Labs used to give Fs to servers that supported this ancient version of the SSL protocol. DROWN actually makes things worse, because it abuses SSL v2 to attack all other protocols.
Further, DROWN introduces two additional attack vectors:
- A server that has SSL v2 enabled can be used to attack any other servers that reuse the same RSA key; even
Tenable
[R12] OpenSSL '20160301' Advisory Affects Tenable Products
blogs_tenable·2016-03-02
HackerOne
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
hackerone·2016-09-21·CVSS 5.9
CVE-2016-0800 [MEDIUM] Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure.
This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability:
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
This is probably a good opportunity to again thank everyone who helped with the disclosure process :-)
Severity: High
A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protoc
HackerOne
DROWN Attack
hackerone·2016-03-03·CVSS 5.9
[MEDIUM] DROWN Attack
Hi,
I want to report a drown attack in *.owncloud.com.
A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and
non-vulnerable servers can be decrypted provided another server supporting
SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or
POP) shares the RSA keys of the non-vulnerable server. This vulnerability is
known as DROWN (CVE-2016-0800).
You can check here: https://test.drownattack.com/?site=owncloud.com
Bugzilla
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
bugzilla·2016-02-22·CVSS 5.0
CVE-2016-0800 [MEDIUM] CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A group of security researchers discovered that SSLv2 (Secure Sockets Layer protocol version 2.0) is vulnerable to the Bleichenbacher RSA padding oracle attack, which can be used to decrypt RSA cipher text without knowledge of the matching private RSA key by observing responses from a server that has the private key and performs decryption of attacker provided cipher texts using that key. This flaw is a SSLv2 protocol issue and affects all implementations of the protocol.
They also demonstrated a cross-protocol attack which allows them to decrypt SSL/TLS sessions using newer protocol versions - SSLv3 or any current TLS (Transport Layer Security) version (1.0 - 1.2) - using this SSLv2 weakness. This cross-protocol att
Bugzilla
CVE-2016-2050 libdwarf: Out-of-bounds write in get_abbrev_array_info
bugzilla·2016-01-20·CVSS 6.5
CVE-2016-2050 [MEDIUM] CVE-2016-2050 libdwarf: Out-of-bounds write in get_abbrev_array_info
An out-of-bounds write vulnerability was found in libdwarf-20151114 in get_abbrev_array_info function.
CVE request (contains reproducer and valgrind report):
http://seclists.org/oss-sec/2016/q1/141
Discussion:
Created libdwarf tracking bugs for this issue:
Affects: fedora-all [bug 1300332]
Affects: epel-all [bug 1300333]
---
This bug appears to have been introduced by the following upstream commit from Wed Dec 31 16:45:14 2014 -0800 :
https://github.com/tomhughes/libdwarf/commit/3ff5a4a024924
and is resolved by the following commit :
https://github.com/tomhughes/libdwarf/commit/a05f5e2ae6a5f
Red Hat Enterprise Linux v.7 is shipped with an earlier version and is not impacted.
---
Statement:
This issue did not
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
arXiv
Secure by default - the case of TLS
arxiv_fulltext·2017-08-24
Secure by default -- the case of TLS
Martin Stanek
Department of Computer Science
Comenius University
@dcs.fmph.uniba.sk
## Abstract
The default configuration of various software applications often neglects security objectives.
We tested the default configuration of TLS in a dozen web and application servers.
The results show that the "secure by default" principle should be adopted more broadly
by developers and package maintainers. In addition, system administrators cannot
rely blindly on default security options.
Keywords: TLS, secure defaults, testing.
## Introduction
Security often depends on prudent configuration of software components used in a deployed
system. All necessary security controls and options are there, but one has
to turn them on or simply start using them. Unfortunately
03-03https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168https://kc.mcafee.com/corporate/index?page=content&id=SB10154https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.aschttps://security.gentoo.org/glsa/201603-15https://security.netapp.com/advisory/ntap-20160301-0001/https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18https://www.kb.cert.org/vuls/id/583776https://www.openssl.org/news/secadv/20160301.txthttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.htmlhttp://marc.info/?l=bugtraq&m=145983526810210&w=2http://marc.info/?l=bugtraq&m=146108058503441&w=2http://marc.info/?l=bugtraq&m=146133665209436&w=2http://rhn.redhat.com/errata/RHSA-2016-1519.htmlhttp://sup
port.citrix.com/article/CTX208403http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-enhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/83733http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1035133http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdfhttps://access.redhat.com/security/vulnerabilities/drown
+ 26 more references
2016-03-01
Published