cbcvebase.
CVE-2016-0800
published 2016-03-01

Priority P265 medium · 5.9 CVSS 3.0
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 82.11% (99.6th percentile)
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Affected

57 ranges · showing 25

Vendor   Product  Version range                  Fixed in
debian   nss      < nss 3.13 (bookworm)          nss 3.13 (bookworm)
debian   openssl  < nss 3.13 (bookworm)          nss 3.13 (bookworm)
debian   openssl  < openssl 1.0.0c-2 (bookworm)  openssl 1.0.0c-2 (bookworm)
mozilla  nss      >= 0 < 3.13                    3.13
mozilla  nss      >= 0 < 3.13                    3.13
mozilla  nss      >= 0 < 3.13                    3.13
mozilla  nss      >= 0 < 3.13                    3.13
openssl  openssl  <= 0.9.8ze
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl
openssl  openssl

Detection & IOCs (extracted from sources)

  • Use Nessus plugin 89058 to remotely detect the SSL DROWN Attack Vulnerability (CVE-2016-0800)
  • Use Nessus plugin 89081 to detect OpenSSL 1.0.1 < 1.0.1s on web servers as vulnerable to DROWN
  • Use Nessus plugin 89082 to detect OpenSSL 1.0.2 < 1.0.2g on web servers as vulnerable to DROWN
  • Use PVS/Nessus Network Monitor plugin 9127 to passively detect SSLv2 Cross-Protocol Session Decryption (DROWN) on monitored traffic
  • Use PVS/Nessus Network Monitor plugin 9128 to passively detect OpenSSL 1.0.1 < 1.0.1s / 1.0.2 < 1.0.2g DROWN vulnerability
  • CVE-2016-0703 (special OpenSSL variant) greatly amplifies DROWN attack speed and also exposes all other hostnames in the server's certificate, beyond just RSA-key-sharing servers
  • CVE-2015-3197 allows a DROWN attacker to connect to a server with SSLv2 cipher suites disabled as long as SSLv2 protocol support itself is still enabled, widening the attack surface
  • At time of disclosure (March 1, 2016), 33% of all HTTPS sites were affected; scan data from Censys used by SSL Labs may be stale, so real-time checks are required for accurate assessment

CVSS provenance

nvd            v3.0  5.9  MEDIUM  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd            v2.0  4.3  MEDIUM  AV:N/AC:M/Au:N/C:P/I:N/A:N
osv                  5.9  MEDIUM
vendor_debian        5.9  MEDIUM
vendor_redhat        5.9  MEDIUM