ID CVE-2016-7056
Summary A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8m:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8m:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8zd:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8zd:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8zf:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8zf:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8zh:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8zh:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.0t:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0t:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1u:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1u:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
CVSS
Base: 2.1 (as of 12-02-2023 - 23:25)
Impact:
Exploitability:
CWE CWE-385
CAPEC
  • Cross-Domain Search Timing
    An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain. For GET requests an attacker could for instance leverage the "img" tag in conjunction with "onload() / onerror()" javascript events. For the POST requests, an attacker could leverage the "iframe" element and leverage the "onload()" event. There is nothing in the current browser security model that prevents an attacker to use these methods to time responses to the attackers' cross domain requests. The timing for these responses leaks information. For instance, if a victim has an active session with their online e-mail account, an attacker could issue search requests in the victim's mailbox. While the attacker is not able to view the responses, based on the timings of the responses, the attacker could ask yes / no questions as to the content of victim's e-mails, who the victim e-mailed, when, etc. This is but one example; There are other scenarios where an attacker could infer potentially sensitive information from cross domain requests by timing the responses while asking the right questions that leak information.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1450015
    title Regression in openssl req -x509 in openssl-1.0.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment openssl is earlier than 1:1.0.2k-8.el7
            oval oval:com.redhat.rhba:tst:20171929001
          • comment openssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171929002
        • AND
          • comment openssl-devel is earlier than 1:1.0.2k-8.el7
            oval oval:com.redhat.rhba:tst:20171929003
          • comment openssl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171929004
        • AND
          • comment openssl-libs is earlier than 1:1.0.2k-8.el7
            oval oval:com.redhat.rhba:tst:20171929005
          • comment openssl-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171929006
        • AND
          • comment openssl-perl is earlier than 1:1.0.2k-8.el7
            oval oval:com.redhat.rhba:tst:20171929007
          • comment openssl-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171929008
        • AND
          • comment openssl-static is earlier than 1:1.0.2k-8.el7
            oval oval:com.redhat.rhba:tst:20171929009
          • comment openssl-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171929010
    rhsa
    id RHBA-2017:1929
    released 2017-08-01
    severity Moderate
    title RHBA-2017:1929: openssl bug fix and enhancement update (Moderate)
  • rhsa
    id RHSA-2017:1413
  • rhsa
    id RHSA-2017:1414
  • rhsa
    id RHSA-2017:1415
  • rhsa
    id RHSA-2017:1801
  • rhsa
    id RHSA-2017:1802
rpms
  • openssl-1:1.0.2k-8.el7
  • openssl-debuginfo-1:1.0.2k-8.el7
  • openssl-devel-1:1.0.2k-8.el7
  • openssl-libs-1:1.0.2k-8.el7
  • openssl-perl-1:1.0.2k-8.el7
  • openssl-static-1:1.0.2k-8.el7
  • jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7
  • jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat7-0:7.0.70-22.ep7.el6
  • tomcat7-0:7.0.70-22.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-javadoc-0:7.0.70-22.ep7.el6
  • tomcat7-javadoc-0:7.0.70-22.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-jsvc-0:7.0.70-22.ep7.el6
  • tomcat7-jsvc-0:7.0.70-22.ep7.el7
  • tomcat7-lib-0:7.0.70-22.ep7.el6
  • tomcat7-lib-0:7.0.70-22.ep7.el7
  • tomcat7-log4j-0:7.0.70-22.ep7.el6
  • tomcat7-log4j-0:7.0.70-22.ep7.el7
  • tomcat7-selinux-0:7.0.70-22.ep7.el6
  • tomcat7-selinux-0:7.0.70-22.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el7
  • tomcat7-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-webapps-0:7.0.70-22.ep7.el7
  • tomcat8-0:8.0.36-24.ep7.el6
  • tomcat8-0:8.0.36-24.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el7
  • tomcat8-javadoc-0:8.0.36-24.ep7.el6
  • tomcat8-javadoc-0:8.0.36-24.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el7
  • tomcat8-jsvc-0:8.0.36-24.ep7.el6
  • tomcat8-jsvc-0:8.0.36-24.ep7.el7
  • tomcat8-lib-0:8.0.36-24.ep7.el6
  • tomcat8-lib-0:8.0.36-24.ep7.el7
  • tomcat8-log4j-0:8.0.36-24.ep7.el6
  • tomcat8-log4j-0:8.0.36-24.ep7.el7
  • tomcat8-selinux-0:8.0.36-24.ep7.el6
  • tomcat8-selinux-0:8.0.36-24.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el7
  • tomcat8-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-webapps-0:8.0.36-24.ep7.el7
refmap via4
bid 95375
confirm
debian DSA-3773
misc https://eprint.iacr.org/2016/1195
mlist [oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)
sectrack 1037575
Last major update 12-02-2023 - 23:25
Published 10-09-2018 - 16:29
Last modified 12-02-2023 - 23:25
Back to Top