CVE-2016-2107 in Oracle Communications Application Session Controllerinfo

Zusammenfassung (Englisch)

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Reservieren

29.01.2016

Veröffentlichung

04.05.2016

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
125384Oracle Communications Application Session Controller OpenSSL schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
112014Oracle Mobile Security Suite OpenSSL schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
108017Oracle Communications WebRTC Session Controller OpenSSL schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
103913Oracle Communications EAGLE LNP Application Processor OpenSSL Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
103909Oracle Enterprise Communications Broker OpenSSL Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
103908Oracle Communications Session Router OpenSSL Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
100030Oracle Commerce Guided Search/Commerce Experience Manager Platform Services Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
92953Oracle Sun Ray Operating Software OpenSSL Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
92941Oracle Primavera P6 Professional Project Management OpenSSL schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
92940Oracle Life Sciences Data Hub OpenSSL schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
92939Oracle Enterprise Session Border Controller OpenSSL schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
92938Oracle Commerce Guided Search/Commerce Experience Manager MDEX schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
92937Oracle Transportation Management Install schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
92935Oracle Enterprise Manager Ops Center schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107
92756Oracle Business Intelligence Enterprise Edition Installation Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
90003Oracle Communications Unified Session Manager Routing Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
89975Oracle PeopleSoft Enterprise PeopleTools Security Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
89960Oracle Agile Engineering Data Management Install Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
89917Oracle Enterprise Manager Base Platform Discovery Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
89903Oracle Exalogic Infrastructure Base Image Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
89902Oracle Access Manager Web Server Plugin Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
89773Apple Mac OS X OpenSSL Information Disclosure200Proof-of-ConceptOffizieller FixCVE-2016-2107
83255OpenSSL AES-NI CBC MAC Check e_aes_cbc_hmac_sha1.c schwache Verschlüsselung310Proof-of-ConceptOffizieller FixCVE-2016-2107

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!