vulnerability
F5 Networks: K23196136 (CVE-2016-0800): OpenSSL vulnerability CVE-2016-0800
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 2016-03-01 | 2017-02-16 | 2018-02-01 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
2016-03-01
Added
2017-02-16
Modified
2018-02-01
Description
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Solution
f5-big-ip-upgrade-latest
References
- URL-https://support.f5.com/csp/article/K23196136
- SUSE-SUSE-SU-2016:0617
- SUSE-SUSE-SU-2016:0620
- SUSE-SUSE-SU-2016:0621
- SUSE-SUSE-SU-2016:0624
- SUSE-SUSE-SU-2016:0631
- SUSE-SUSE-SU-2016:0641
- SUSE-SUSE-SU-2016:0678
- SUSE-SUSE-SU-2016:1057
- REDHAT-RHSA-2016:1519
- BID-83733
- BID-91787
- SECTRACK-1035133
- FREEBSD-FreeBSD-SA-16:12
- GENTOO-GLSA-201603-15
- NVD-CVE-2016-0800

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.