Vulnerability Details : CVE-2016-0800
Public exploit exists!
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2016-0800
Probability of exploitation activity in the next 30 days: 95.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %
Metasploit modules for CVE-2016-0800
- SSL/TLS Version Detection
  Disclosure Date: 2014-10-14
  First seen: 2022-12-23
  auxiliary/scanner/ssl/ssl_version
  Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/no
CVSS scores for CVE-2016-0800
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST |
CWE ids for CVE-2016-0800
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0800
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953
  HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
  [security-announce] openSUSE-SU-2016:0638-1: important: Security update
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
  StruxureWare Data Center Operation Software Vulnerability Fixes - User Assistance for StruxureWare Data Center Operation 8 - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
  HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of In
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
  [security-announce] SUSE-SU-2016:0620-1: important: Security update for
- https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18
  Security Advisory 0018 - Arista
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
  [security-announce] SUSE-SU-2016:0617-1: important: Security update for
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722
  Juniper Networks - Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
  HPSBNS03571 rev.1 - HPE NonStop Virtual TapeServer (VTS), Remote Arbitrary Code Execution, Denial of Service (DoS), Unauthorized Information Disclosure
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
  [security-announce] SUSE-SU-2016:0631-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
  [security-announce] openSUSE-SU-2016:0640-1: important: Security update
- http://www.securitytracker.com/id/1035133
  OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases - SecurityTracker
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
  cpuapr2016v3
- http://marc.info/?l=bugtraq&m=145983526810210&w=2
  '[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of' - MARC
- http://www.securityfocus.com/bid/91787
  Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
  Oracle Critical Patch Update - January 2018
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
  [security-announce] openSUSE-SU-2016:0627-1: important: Security update
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
  HPESBGN03726 rev.1 - HPE Universal CMDB, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)
- https://security.gentoo.org/glsa/201603-15
  OpenSSL: Multiple vulnerabilities (GLSA 201603-15) — Gentoo security
- http://support.citrix.com/article/CTX208403
  Citrix XenServer Security Update for CVE-2016-0800
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
  [security-announce] SUSE-SU-2016:0621-1: important: Security update for
- https://access.redhat.com/security/vulnerabilities/drown
  DROWN - Cross-protocol attack on TLS using SSLv2 (CVE-2016-0800) - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2016-1519.html
  RHSA-2016:1519 - Security Advisory - Red Hat Customer Portal
- http://marc.info/?l=bugtraq&m=146108058503441&w=2
  '[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS' - MARC
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016
- https://www.openssl.org/news/secadv/20160301.txt
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
  [security-announce] openSUSE-SU-2016:1241-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
  [security-announce] openSUSE-SU-2016:0628-1: important: Security update
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554
  HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
  HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
  [security-announce] SUSE-SU-2016:0624-1: important: Security update for
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589
  HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
  HPSBMU03601 rev.2 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities
- http://www.securityfocus.com/bid/83733
  OpenSSL DROWN Attack CVE-2016-0800 Security Bypass Vulnerability
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  Oracle Critical Patch Update - July 2016
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
  HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  Oracle Linux Bulletin - January 2016
- http://marc.info/?l=bugtraq&m=146133665209436&w=2
  '[security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of I' - MARC
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  Oracle Solaris Bulletin - January 2016
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
  HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
  Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
  Pulse Security Advisory: SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory
- https://security.netapp.com/advisory/ntap-20160301-0001/
  CVE-2016-0800 SSLv2 Vulnerability in Multiple NetApp Products | NetApp Product Security
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
  [security-announce] openSUSE-SU-2016:0637-1: important: Security update
- https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
  HPESBGN03698 rev.1 - HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
  [security-announce] SUSE-SU-2016:1057-1: important: Security update for
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
  HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en
  Security Advisory - OpenSSL DROWN Security Vulnerability
- https://www.kb.cert.org/vuls/id/583776
  VU#583776 - Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
  [security-announce] openSUSE-SU-2016:0720-1: important: Security update
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
  [security-announce] SUSE-SU-2016:0678-1: important: Security update for
- https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03
  Siemens Industrial Products DROWN Vulnerability (Update C) | CISA
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
  Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765
  HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information
- https://kc.mcafee.com/corporate/index?page=content&id=SB10154
  McAfee Security Bulletin: Network Data Loss Prevention update addresses CVE-2016-0800
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
  [security-announce] openSUSE-SU-2016:1239-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
  [security-announce] SUSE-SU-2016:0641-1: important: Security update for
- https://drownattack.com
  DROWN Attack
Products affected by CVE-2016-0800
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
- cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:*