Risk: High
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2016-2107
CWE-ID: CWE-284
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software:
OpenSSL: Server applications / Encryption software
Oracle Solaris: Operating systems & Components / Operating system
Oracle Linux: Operating systems & Components / Operating system
macOS: Operating systems & Components / Operating system
Oracle Access Manager: Server applications / Directory software, identity management
Oracle Exalogic Infrastructure: Server applications / Remote management servers, RDP, SSH
Oracle Enterprise Manager Ops Center: Server applications / Remote management servers, RDP, SSH
Enterprise Manager Base Platform: Server applications / Other server solutions
Oracle Agile Engineering Data Management: Other software / Other software solutions
Oracle Business Intelligence Enterprise Edition: Other software / Other software solutions
Oracle Transportation Management: Other software / Other software solutions
Oracle Enterprise Session Border Controller: Other software / Other software solutions
Oracle Life Sciences Data Hub: Other software / Other software solutions
Primavera P6 Professional Project Management: Other software / Other software solutions
PeopleSoft Enterprise PeopleTools: Client/Desktop applications / Office applications
Oracle Communications Unified Session Manager: Other
Oracle VM VirtualBox: Server applications / Virtualization software
Oracle Secure Global Desktop: Client/Desktop applications / Virtualization software
Oracle E-Business Suite: Web applications / E-Commerce systems
Oracle Commerce Guided Search: Web applications / E-Commerce systems
Vendor: OpenSSL Software Foundation, Oracle, Apple Inc.
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU639
Risk: High
CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-2107
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: Yes
Description
The vulnerability allows a remote user to decrypt traffic on the target system.
The weakness is due to an access control error. If the connection uses an AES-CBC cipher suite and the server supports AES-NI, an attacker can perform a padding oracle attack.
Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.
Update OpenSSL 1.0.1 to 1.0.1t.
Update OpenSSL 1.0.2 to 1.0.2h.
OpenSSL: 1.0.1 - 1.0.2
Oracle Solaris: 10 - 11.3
Oracle Access Manager: 10.1.4.2 - 11.1.1.7
Oracle Exalogic Infrastructure: 1.0 - 2.0
Enterprise Manager Base Platform: 12.1.0.5 - 13.1.0.0
Oracle Agile Engineering Data Management: 6.1.3.0 - 6.2.0.0
PeopleSoft Enterprise PeopleTools: 8.53 - 8.55
Oracle Communications Unified Session Manager: 7.2.5 - 7.3.5
Oracle VM VirtualBox: 5.0.20
Oracle Secure Global Desktop: 4.63 - 5.2
Oracle Business Intelligence Enterprise Edition: 11.1.1.7.0 - 12.2.1.1.0
Oracle Enterprise Manager Ops Center: 12.1.4 - 12.3.2
Oracle E-Business Suite: 12.1.3
Oracle Transportation Management: 6.1 - 6.3.7
Oracle Commerce Guided Search: 6.2.2 - 6.5.2
Oracle Enterprise Session Border Controller: Ecz7.3m1p4
Oracle Life Sciences Data Hub: 2.1
Primavera P6 Professional Project Management: 8.3 - 16.0
Oracle Linux: 6 - 7
macOS: 10.11 - 10.11.5
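An added example, not code from the bulletin, from OpenSSL or from any of the vendors listed above: a small Python check that parses an OpenSSL version string (a bare version or the banner printed by `openssl version`) and compares it against the fixed releases named above, 1.0.1t for the 1.0.1 branch and 1.0.2h for the 1.0.2 branch. The FIXED_IN table, the function names and the version strings used in the usage block are assumptions of this example, constructed for illustration. It goes slightly beyond the two listed releases by handling OpenSSL's letter-suffix ordering in general (1.0.2 < 1.0.2a < ... < 1.0.2z < 1.0.2za).

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed releases as stated in this bulletin: 1.0.1 -> 1.0.1t, 1.0.2 -> 1.0.2h.
# Branches not in this table (e.g. 1.1.0) are not covered by the bulletin,
# so the check makes no claim about them. (Table constructed for this example.)
FIXED_IN = {
    (1, 0, 1): "1.0.1t",
    (1, 0, 2): "1.0.2h",
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text: str) -> Tuple[int, int, int, str]:
    """Extract (major, minor, fix, patch_letters) from a version string.

    Accepts a bare version ("1.0.2g") or the full `openssl version` banner
    ("OpenSSL 1.0.2g  1 Mar 2016"). Raises ValueError if no version is found.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters = m.groups()
    return int(major), int(minor), int(fix), letters


def _patch_rank(letters: str) -> Tuple[int, ...]:
    """Rank the letter suffix of a 1.0.x release so comparisons are correct.

    No suffix sorts first, then "a" < "b" < ... < "z", and a longer suffix
    ("za") sorts after any single letter. The tuple starts with the suffix
    length so that "z" < "za" holds.
    """
    return (len(letters),) + tuple(ord(c) - ord("a") + 1 for c in letters)


def is_affected(text: str) -> Optional[bool]:
    """Classify a version string against this bulletin's fixed releases.

    Returns True if the version is on a listed branch and below the fix,
    False if it is at or above the fix, and None if the branch is not one
    the bulletin lists (no claim is made about it).
    """
    major, minor, fix, letters = parse_openssl_version(text)
    branch = (major, minor, fix)
    if branch not in FIXED_IN:
        return None
    fixed_letters = parse_openssl_version(FIXED_IN[branch])[3]
    return _patch_rank(letters) < _patch_rank(fixed_letters)


def check_installed() -> Optional[bool]:
    """Run `openssl version` on this host and classify the result.

    Only meaningful for upstream OpenSSL builds; see the note below the block
    about vendor-patched packages that keep an older version string.
    """
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True)
    return is_affected(out.stdout)


if __name__ == "__main__":
    # Constructed sample banners, not output captured from any real host.
    for banner in ("OpenSSL 1.0.2g  1 Mar 2016", "OpenSSL 1.0.2h  3 May 2016",
                   "OpenSSL 1.0.1s  1 Mar 2016", "OpenSSL 1.0.1t  3 May 2016",
                   "OpenSSL 1.1.0  25 Aug 2016"):
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A version string alone is not proof of exposure on the Oracle Linux and macOS entries above: those vendors ship the fix as a backported patch and keep the original OpenSSL version number, so this check will report such packages as affected when they are not. For vendor-packaged builds, confirm against the vendor bulletin linked below (the package changelog or the vendor's advisory) rather than the version banner.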
https://www.openssl.org/news/secadv/20160503.tx
https://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://support.apple.com/cs-cz/HT206903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.