CVE-2016-2107

This repository contains a functional exploit PoC for CVE-2016-2107, a vulnerability in OpenSSL's ASN.1 parser that allows remote attackers to cause a denial-of-service (DoS) via a crafted TLS message. The code includes a test function that sends a malformed TLS record to trigger the vulnerability and checks for specific error responses.

This repository contains a Dockerized test for CVE-2016-2107, a padding oracle vulnerability in OpenSSL CBC ciphersuites. The Dockerfile sets up a container with a statically linked binary to test the vulnerability, referencing Filippo Valsorda's original exploit code.

This exploit leverages a padding oracle vulnerability in OpenSSL (CVE-2016-2107) by sending malformed TLS Finished messages to trigger incorrect error handling. The provided XML configuration for TLS-Attacker demonstrates the attack by manipulating the plaintext bytes in the Finished message.