{ "threat_severity" : "Moderate", "public_date" : "2016-05-03T00:00:00Z", "bugzilla" : { "description" : "openssl: Padding oracle in AES-NI CBC MAC check", "id" : "1331426", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1331426" }, "cvss" : { "cvss_base_score" : "4.0", "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:N", "status" : "verified" }, "details" : [ "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.", "It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle." ], "acknowledgement" : "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Juraj Somorovsky as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2016-05-10T00:00:00Z", "advisory" : "RHSA-2016:0996", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "openssl-0:1.0.1e-48.el6_8.1" }, { "product_name" : "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date" : "2016-10-18T00:00:00Z", "advisory" : "RHSA-2016:2073", "cpe" : "cpe:/o:redhat:rhel_eus:6.7", "package" : "openssl-0:1.0.1e-42.el6_7.5" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-05-09T00:00:00Z", "advisory" : "RHSA-2016:0722", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "openssl-1:1.0.1e-51.el7_2.5" }, { "product_name" : "Text-Only JBCS", "release_date" : "2016-12-15T00:00:00Z", "advisory" : "RHSA-2016:2957", "cpe" : "cpe:/a:redhat:jboss_core_services:1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 4", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:4" }, { "product_name" : "Red Hat Enterprise Linux 4", "fix_state" : "Not affected", "package_name" : "openssl096b", "cpe" : "cpe:/o:redhat:enterprise_linux:4" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "openssl097a", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "openssl098e", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "openssl098e", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat JBoss Core Services", "fix_state" : "Affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_core_services:1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 2", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 3", "fix_state" : "Affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-2107\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2107\nhttps://openssl.org/news/secadv/20160503.txt" ], "name" : "CVE-2016-2107", "csaw" : false }