vulnerability
Pulse Secure Pulse Connect Secure: CVE-2016-2108: [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory (SA40202)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | May 5, 2016 | Oct 28, 2020 | Feb 15, 2024 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
May 5, 2016
Added
Oct 28, 2020
Modified
Feb 15, 2024
Description
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Solutions
pulse-secure-pulse-connect-secure-upgrade-5_2r7pulse-secure-pulse-connect-secure-upgrade-7_4r13_7pulse-secure-pulse-connect-secure-upgrade-8_0r16pulse-secure-pulse-connect-secure-upgrade-8_1r10pulse-secure-pulse-connect-secure-upgrade-8_2r4pulse-secure-pulse-connect-secure-upgrade-8_2r5
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.