Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-0800. PoCs published by anthophilee.
AI-analyzed exploit summary This repository contains a Python-based scanner tool (A2SV) designed to detect multiple SSL/TLS vulnerabilities, including CVE-2015-0204 (FREAK Attack). It automates the scanning process for various CVEs by leveraging Python scripts and dependencies.
Description
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Exploits (1)
nomisec
SCANNER
5 stars
by anthophilee · poc
https://github.com/anthophilee/A2SV--SSL-VUL-Scan
This repository contains a Python-based scanner tool (A2SV) designed to detect multiple SSL/TLS vulnerabilities, including CVE-2015-0204 (FREAK Attack). It automates the scanning process for various CVEs by leveraging Python scripts and dependencies.
Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
SSL/TLS implementations (various versions)
No auth needed
Prerequisites:
Python 2.x · pip2 · git · network access to target
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (63)
Core 63
Core References
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Vendor Advisory
http://support.citrix.com/article/CTX208403
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10154
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf
Mailing List vendor-advisory
http://marc.info/?l=bugtraq&m=146133665209436&w=2
Mailing List vendor-advisory
http://marc.info/?l=bugtraq&m=146108058503441&w=2
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Mailing List vendor-advisory
http://marc.info/?l=bugtraq&m=145983526810210&w=2
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-1519.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/91787
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201603-15
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
Various Sources vendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
Various Sources vendor-advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/83733
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1035133
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
Vendor Advisory
https://access.redhat.com/security/vulnerabilities/drown
Vendor Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
Vendor Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
Vendor Advisory
https://www.openssl.org/news/secadv/20160301.txt
Various Sources
https://drownattack.com
Various Sources
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Various Sources
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03
Various Sources
https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18
Vendor Advisory
https://security.netapp.com/advisory/ntap-20160301-0001/
Third Party Advisory, US Government Resource third-party-advisory
https://www.kb.cert.org/vuls/id/583776
Scores
CVSS v3
5.9
EPSS
0.8211
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-310
Status
published
Products (28)
openssl/openssl
1.0.1 (4 CPE variants)
openssl/openssl
1.0.1a
openssl/openssl
1.0.1b
openssl/openssl
1.0.1c
openssl/openssl
1.0.1d
openssl/openssl
1.0.1e
openssl/openssl
1.0.1f
openssl/openssl
1.0.1g
openssl/openssl
1.0.1h
openssl/openssl
1.0.1i
... and 18 more
Published
Mar 01, 2016
Tracked Since
Feb 18, 2026