CVE-2016-0800 in NonStop BackBoxinfo

Summary

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Once again VulDB remains the best source for vulnerability data.

Reservation

12/16/2015

Disclosure

02/29/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
92716	HPE NonStop BackBox cryptographic issue	310	Not defined	Workaround	CVE-2016-0800
90106	Oracle Fujitsu M Server cryptographic issue	310	Not defined	Official fix	CVE-2016-0800
81133	OpenSSL SSLv2 DROWN cryptographic issue	310	Proof-of-Concept	Official fix	CVE-2016-0800

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!