Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0800DROWN: Sensitive Information Exposure in OpenSSL SSLv2

CWE-200Sensitive Information ExposureCWE-310CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-39936 documents16 sources
Severity
5.9MEDIUMNVD
EPSS
90.3%
top 0.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Mozilla NSSOpensslDebian NSS+2 more
Timeline
PublishedMar 1
Latest updateDec 29

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

debiandebian/openssl< nss 3.13 (bookworm)+1
Debianopenssl/openssl< 1.0.0c-2+3
NVDopenssl/openssl0.9.8ze+44
debiandebian/nss< nss 3.13 (bookworm)
Debianmozilla/nss< 3.13+3

🔴Vulnerability Details

6
GHSA
GHSA-m84j-fv95-cmq3: An oracle protection mechanism in the get_client_master_key function in s2_srvr2022-05-14
GHSA
GHSA-jqfv-c9gp-wf8f: The get_client_master_key function in s2_srvr2022-05-13
GHSA
GHSA-fqw2-3v24-gc79: The SSLv2 protocol, as used in OpenSSL before 12022-05-13
OSV
CVE-2016-0704: An oracle protection mechanism in the get_client_master_key function in s2_srvr2016-03-02
OSV
CVE-2016-0703: The get_client_master_key function in s2_srvr2016-03-02

💥Exploits & PoCs

1
Metasploit
SSL/TLS Version Detection

📋Vendor Advisories

13
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices2022-12-19
CISA ICS
Siemens Industrial Products DROWN Vulnerability (Update C)2017-06-15
Palo Alto
PAN-SA-2016-0030 OpenSSL Vulnerabilities2016-10-18
BSD
FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities2016-03-10
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 20162016-03-02

🕵️Threat Intelligence

7
Tenable
Top 12 Tenable Blogs for 20162016-12-28
Tenable
Top 12 Tenable Blogs for 20162016-12-28
Tenable
New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN2016-03-07
Tenable
New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN2016-03-07
Qualys
SSL Labs DROWN Test Implementation Details | Qualys2016-03-04

📄Research Papers

2
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware2022-12-29
arXiv
Secure by default - the case of TLS2017-08-24

💬Community

4
HackerOne
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)2016-09-21
HackerOne
DROWN Attack2016-03-03
Bugzilla
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)2016-02-22
Bugzilla
CVE-2016-2050 libdwarf: Out-of-bounds write in get_abbrev_array_info2016-01-20
CVE-2016-0800 — DROWN: Sensitive Information Exposure | cvebase