CVE-2016-2107 in Oracle Communications Application Session Controller

Summary

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Reservation

01/29/2016

Disclosure

05/04/2016

Entries

VulDB provides additional information and datapoints for this CVE:

| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 125384 | Oracle Communications Application Session Controller OpenSSL cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 112014 | Oracle Mobile Security Suite OpenSSL cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 108017 | Oracle Communications WebRTC Session Controller OpenSSL cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 103913 | Oracle Communications EAGLE LNP Application Processor OpenSSL information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 103909 | Oracle Enterprise Communications Broker OpenSSL information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 103908 | Oracle Communications Session Router OpenSSL information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 100030 | Oracle Commerce Guided Search/Commerce Experience Manager Platform Services information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92953 | Oracle Sun Ray Operating Software OpenSSL information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92941 | Oracle Primavera P6 Professional Project Management OpenSSL cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92940 | Oracle Life Sciences Data Hub OpenSSL cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92939 | Oracle Enterprise Session Border Controller OpenSSL cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92938 | Oracle Commerce Guided Search/Commerce Experience Manager MDEX cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92937 | Oracle Transportation Management Install cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92935 | Oracle Enterprise Manager Ops Center cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 92756 | Oracle Business Intelligence Enterprise Edition Installation information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 90003 | Oracle Communications Unified Session Manager Routing information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 89975 | Oracle PeopleSoft Enterprise PeopleTools Security information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 89960 | Oracle Agile Engineering Data Management Install information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 89917 | Oracle Enterprise Manager Base Platform Discovery information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 89903 | Oracle Exalogic Infrastructure Base Image information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 89902 | Oracle Access Manager Web Server Plugin information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 89773 | Apple Mac OS X OpenSSL information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2016-2107 |
| 83255 | OpenSSL AES-NI CBC MAC Check e_aes_cbc_hmac_sha1.c cryptographic issue | 310 | Proof-of-Concept | Official fix | CVE-2016-2107 |