ID CVE-2016-8610
Summary A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.2
    cpe:2.3:a:openssl:openssl:1.0.2
  • OpenSSL Project OpenSSL 1.0.2-beta1
    cpe:2.3:a:openssl:openssl:1.0.2:beta1
  • OpenSSL 1.0.2 Beta 2
    cpe:2.3:a:openssl:openssl:1.0.2:beta2
  • OpenSSL 1.0.2 Beta 3
    cpe:2.3:a:openssl:openssl:1.0.2:beta3
  • OpenSSL OpenSSL 1.0.2a
    cpe:2.3:a:openssl:openssl:1.0.2a
  • OpenSSL Project OpenSSL 1.0.2b
    cpe:2.3:a:openssl:openssl:1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
    cpe:2.3:a:openssl:openssl:1.0.2c
  • OpenSSL OpenSSL 1.0.2d
    cpe:2.3:a:openssl:openssl:1.0.2d
  • OpenSSL 1.0.2e
    cpe:2.3:a:openssl:openssl:1.0.2e
  • OpenSSL 1.0.2f
    cpe:2.3:a:openssl:openssl:1.0.2f
  • OpenSSL Project 1.0.2g
    cpe:2.3:a:openssl:openssl:1.0.2g
  • OpenSSL 1.0.2h
    cpe:2.3:a:openssl:openssl:1.0.2h
  • OpenSSL 1.1.0
    cpe:2.3:a:openssl:openssl:1.1.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-399
CAPEC
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0FCD3AF0A0FE11E6B1CF14DAE9D210B8.NASL
    description Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages. Impact : A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack.
    last seen 2017-12-03
    modified 2017-12-01
    plugin id 94492
    published 2016-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94492
    title FreeBSD : FreeBSD -- OpenSSL Remote DoS vulnerability (0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1040.NASL
    description According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.(CVE-2016-2182) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.(CVE-2016-8610) - A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks.(CVE-2015-3197) - A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.(CVE-2016-0800) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-24
    plugin id 99885
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99885
    title EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1658.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
    last seen 2017-10-29
    modified 2017-07-05
    plugin id 101141
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101141
    title RHEL 6 : JBoss EAP (RHSA-2017:1658)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1030.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-24
    plugin id 99875
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99875
    title EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3183-1.NASL
    description Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-03-28
    plugin id 96952
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96952
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gnutls26, gnutls28 vulnerabilities (USN-3183-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-814.NASL
    description Several vulnerabilities were discovered in OpenSSL : CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service. For Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u2. We recommend that you upgrade your openssl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 96931
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96931
    title Debian DLA-814-1 : openssl security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0605-1.NASL
    description This update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 97550
    published 2017-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97550
    title SUSE SLED12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0574.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (BZ#1321112, BZ#1326073, BZ#1415682, BZ#1326389) Security Fix(es) : * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
    last seen 2017-10-29
    modified 2017-03-28
    plugin id 97874
    published 2017-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97874
    title RHEL 6 : gnutls (RHSA-2017:0574)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0304-1.NASL
    description This update for gnutls fixes the following issues : - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 96870
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96870
    title SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:0304-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0461-1.NASL
    description This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 97188
    published 2017-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97188
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-0286.NASL
    description From Red Hat Security Advisory 2017:0286 : An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97293
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97293
    title Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0585-1.NASL
    description This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 97494
    published 2017-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97494
    title SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0348-1.NASL
    description This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336) - GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444) - GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 96950
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96950
    title SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3181-1.NASL
    description Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert Swiecki discovered that OpenSSL incorrectly handled certain truncated packets. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2017-3731) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 96927
    published 2017-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96927
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-815.NASL
    description A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335 , CVE-2017-5336 , CVE-2017-5337)
    last seen 2017-10-29
    modified 2017-04-18
    plugin id 99419
    published 2017-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99419
    title Amazon Linux AMI : gnutls (ALAS-2017-815)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1029.NASL
    description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-24
    plugin id 99874
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99874
    title EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1042.NASL
    description According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.(CVE-2016-8610) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-12-05
    modified 2017-12-05
    plugin id 99887
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99887
    title EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1042)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-207.NASL
    description This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336) - GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444) - GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2017-10-29
    modified 2017-03-28
    plugin id 97004
    published 2017-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97004
    title openSUSE Security Update : gnutls (openSUSE-2017-207)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1039.NASL
    description According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.(CVE-2016-2182) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.(CVE-2016-8610) - A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks.(CVE-2015-3197) - A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.(CVE-2016-0800) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-10-24
    plugin id 99884
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99884
    title EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-0574.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (BZ#1321112, BZ#1326073, BZ#1415682, BZ#1326389) Security Fix(es) : * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
    last seen 2017-10-29
    modified 2017-03-28
    plugin id 97951
    published 2017-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97951
    title CentOS 6 : gnutls (CESA-2017:0574)
  • NASL family Palo Alto Local Security Checks
    NASL id PALO_ALTO_PAN-OS_8_0_3.NASL
    description The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x prior to 6.1.18, 7.0.x prior to 7.0.17, 7.1.x prior to 7.1.12, or 8.0.x prior to 8.0.3. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the OpenSSL component that is triggered when handling a large number of consecutive 'SSL3_AL_WARNING' undefined alerts. An unauthenticated, remote attacker can exploit this, by continuously sending warning alerts, to exhaust available CPU resources. Note that this vulnerability does not affect the 8.0.x version branch. (CVE-2016-8610) - A remote code execution vulnerability exists in the Linux kernel in udp.c due to an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. An unauthenticated, remote attacker can exploit this, via specially crafted UDP traffic, to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect the 7.0.x version branch. (CVE-2016-10229) - A remote code execution vulnerability exists in the DNS proxy service that is triggered when resolving fully qualified domain names (FQDN). An unauthenticated, remote attacker can exploit this to execute arbitrary code. Note that this vulnerability was fixed in version 7.1.10 for the 7.1.x version branch. (CVE-2017-8390) - A XML external entity (XXE) vulnerability exists due to an incorrectly configured XML parser accepting XML from an untrusted source. An unauthenticated, remote attacker can exploit this by sending specially crafted XML data to the GlobalProtect external interface. Exploitation of this vulnerability may allow disclosure of information, denial of service or server side request forgery. (CVE-2017-9458) - A stored cross-site scripting (XSS) vulnerability exists in the Firewall web interface due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-9459) - A cross-site scripting (XSS) vulnerability exists in the GlobalProtect component due to improper validation of user-supplied input to unspecified request parameters. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-9467, CVE-2017-12416) - A denial of service vulnerability exists that is triggered when the system attempts to close the connection of a rogue client that ignored the URL filtering block page. An unauthenticated, remote attacker can exploit this to crash the interface. Note that this vulnerability does not affect the 6.1.x and 7.0.x version branches. (VulnDB 159828)
    last seen 2017-12-19
    modified 2017-12-18
    plugin id 101164
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101164
    title Palo Alto Networks PAN-OS 6.1.x < 6.1.18 / 7.0.x < 7.0.17 / 7.1.x < 7.1.12 / 8.0.x < 8.0.3 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170220_OPENSSL_ON_SL6_X.NASL
    description Security Fix(es) : - An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97295
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97295
    title Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1041.NASL
    description According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.(CVE-2016-8610) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-12-05
    modified 2017-12-05
    plugin id 99886
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99886
    title EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1041)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-803.NASL
    description An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97555
    published 2017-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97555
    title Amazon Linux AMI : openssl (ALAS-2017-803)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-0574.NASL
    description From Red Hat Security Advisory 2017:0574 : An update for gnutls is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (BZ#1321112, BZ#1326073, BZ#1415682, BZ#1326389) Security Fix(es) : * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
    last seen 2017-10-29
    modified 2017-03-30
    plugin id 99063
    published 2017-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99063
    title Oracle Linux 6 : gnutls (ELSA-2017-0574)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0286.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97294
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97294
    title RHEL 6 / 7 : openssl (RHSA-2017:0286)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-0286.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97305
    published 2017-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97305
    title CentOS 6 / 7 : openssl (CESA-2017:0286)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3773.NASL
    description Several vulnerabilities were discovered in OpenSSL : - CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. - CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. - CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 96842
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96842
    title Debian DSA-3773-1 : openssl - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-E853B4144F.NASL
    description Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97180
    published 2017-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97180
    title Fedora 24 : 1:openssl (2017-e853b4144f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-3451DBEC48.NASL
    description Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97054
    published 2017-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97054
    title Fedora 25 : 1:openssl (2017-3451dbec48)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3183-2.NASL
    description USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-03-28
    plugin id 97853
    published 2017-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97853
    title Ubuntu 12.04 LTS / 14.04 LTS : gnutls26 vulnerability (USN-3183-2)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0042.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts
    last seen 2017-10-29
    modified 2017-10-16
    plugin id 97316
    published 2017-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97316
    title OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-255.NASL
    description This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2017-10-29
    modified 2017-07-20
    plugin id 97275
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97275
    title openSUSE Security Update : openssl (openSUSE-2017-255)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170321_GNUTLS_ON_SL6_X.NASL
    description The following packages have been upgraded to a later upstream version: gnutls (2.12.23). Security Fix(es) : - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
    last seen 2017-10-29
    modified 2017-04-06
    plugin id 99217
    published 2017-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99217
    title Scientific Linux Security Update : gnutls on SL6.x i386/x86_64
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-0286.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-11-22
    modified 2017-11-21
    plugin id 101424
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101424
    title Virtuozzo 7 : openssl / openssl-devel / openssl-libs / etc (VZLSA-2017-0286)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2493.NASL
    description An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * A vulnerability was discovered in tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
    last seen 2017-10-29
    modified 2017-08-23
    plugin id 102692
    published 2017-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102692
    title RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)
  • NASL family Firewalls
    NASL id SCREENOS_JSA10808.NASL
    description The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r24. It is, therefore, affected by a vulnerability in the way the TLS/SSL protocol specifies processing of ALERT packets during a connection handshake. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2017-12-03
    modified 2017-10-19
    plugin id 103925
    published 2017-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103925
    title Juniper ScreenOS 6.3.x < 6.3.0r24 SSL Death Alert (JSA10808)
redhat via4
advisories
  • rhsa
    id RHSA-2017:0286
  • rhsa
    id RHSA-2017:0574
  • rhsa
    id RHSA-2017:1413
  • rhsa
    id RHSA-2017:1414
  • rhsa
    id RHSA-2017:1415
  • rhsa
    id RHSA-2017:1658
  • rhsa
    id RHSA-2017:1659
  • rhsa
    id RHSA-2017:1801
  • rhsa
    id RHSA-2017:1802
  • rhsa
    id RHSA-2017:2493
  • rhsa
    id RHSA-2017:2494
rpms
  • openssl-0:1.0.1e-48.el6_8.4
  • openssl-devel-0:1.0.1e-48.el6_8.4
  • openssl-perl-0:1.0.1e-48.el6_8.4
  • openssl-static-0:1.0.1e-48.el6_8.4
  • openssl-1:1.0.1e-60.el7_3.1
  • openssl-devel-1:1.0.1e-60.el7_3.1
  • openssl-libs-1:1.0.1e-60.el7_3.1
  • openssl-perl-1:1.0.1e-60.el7_3.1
  • openssl-static-1:1.0.1e-60.el7_3.1
  • gnutls-0:2.12.23-21.el6
  • gnutls-devel-0:2.12.23-21.el6
  • gnutls-guile-0:2.12.23-21.el6
  • gnutls-utils-0:2.12.23-21.el6
refmap via4
bid 93841
confirm
debian DSA-3773
freebsd FreeBSD-SA-16:35
misc https://security.360.cn/cve/CVE-2016-8610/
mlist [oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS
sectrack 1037084
Last major update 13-11-2017 - 17:29
Published 13-11-2017 - 17:29
Last modified 11-01-2018 - 21:29
Back to Top