CVE-2016-2107

MEDIUM

Redhat Enterprise Linux Desktop < 1.0.1s - Information Disclosure

Title source: rule

Description

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Juraj Somorovsky · textdosmultiple

https://www.exploit-db.com/exploits/39768

View Code ZIP pw:eip

nomisec WORKING POC 194 stars

by FiloSottile · poc

https://github.com/FiloSottile/CVE-2016-2107

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by tmiklas · poc

https://github.com/tmiklas/docker-cve-2016-2107

View Code ZIP pw:eip

References (58)

[Third Party Advisory] http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0722.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0996.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-2073.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-2957.html

[Third Party Advisory] http://source.android.com/security/bulletin/2016-07-01.html

[Third Party Advisory] http://support.citrix.com/article/CTX212736

... and 38 more

Scores

CVSS v3 5.9

EPSS 0.7996

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-310 CWE-200

Status published

Products (47)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 15.10

canonical/ubuntu_linux 16.04

debian/debian_linux 8.0

google/android 4.0

google/android 4.0.1

google/android 4.0.2

google/android 4.0.3

google/android 4.0.4

... and 37 more

Published May 05, 2016

Tracked Since Feb 18, 2026