Vulnerability-Lookup

CVE-2016-0702 (GCVE-0-2016-0702)

Vulnerability from cvelistv5 – Published: 2016-03-03 00:00 – Updated: 2024-08-05 22:30

Summary

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…
	https://security.FreeBSD.org/advisories/FreeBSD-S…	vendor-advisory
	http://www.oracle.com/technetwork/topics/security…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://marc.info/?l=bugtraq&m=145889460330120&w=2	vendor-advisory
	http://www.ubuntu.com/usn/USN-2914-1	vendor-advisory
	http://www.oracle.com/technetwork/topics/security…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Securit…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://openssl.org/news/secadv/20160301.txt
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://www.debian.org/security/2016/dsa-3500	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://www.openssl.org/news/secadv/20160301.txt
	http://www.oracle.com/technetwork/security-adviso…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	https://security.gentoo.org/glsa/201603-15	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://www.securitytracker.com/id/1035133	vdb-entry
	http://cachebleed.info
	https://git.openssl.org/?p=openssl.git%3Ba=commit…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…
	http://kb.juniper.net/InfoCenter/index?page=conte…
	https://cert-portal.siemens.com/productcert/pdf/s…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-2802690366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "FEDORA-2016-e6807b3394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "HPSBGN03563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://cachebleed.info"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2016-2802690366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "FEDORA-2016-e6807b3394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "HPSBGN03563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "url": "http://cachebleed.info"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0702",
    "datePublished": "2016-03-03T00:00:00.000Z",
    "dateReserved": "2015-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:30:03.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2016-AVI-080

Vulnerability from certfr_avis - Published: 2016-03-03 - Updated: 2016-03-03

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	NX-OS	Commutateurs Cisco Nexus séries 5500, 5600 et 6000 exécutant les versions de Cisco NX-OS 7.1 antérieures à 7.1(2)N1(1)
Cisco	N/A	Cisco Prime Infrastructure version 3.0
Cisco	N/A	Cisco FireSIGHT System Software version 6.1.0
Cisco	N/A	Commutateurs Cisco Nexus séries 1000V, 3000, 4000, 5000, 6000 et 7000
Cisco	N/A	Cisco Policy Suite versions 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, et 7.5.0
Cisco	Unified Communications	Cisco Unified Communications Domain Manager versions 8.x antérieures à 8.1.1
Cisco	N/A	Voir le site du constructeur pour la liste des systèmes potentiellement affectés par les vulnérabilités concernant OpenSSL (lien fourni dans la section Documentation)
Cisco	N/A	Cisco VDS-IS versions 3.3(0), 3.3(1), 4.0(0), et 4.1(0)
Cisco	N/A	Cisco Web Security Appliance (WSA) exécutant les versions d'AsyncOS antérieures à 8.5.3-051 et 9.0.0-485.

References

Title

Publication Time

Tags

Bulletin de sécurité les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-psc du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016	None	vendor-advisory
Bulletin de sécurité les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-psc du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016	-	other
Bulletin de sécurité les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Commutateurs Cisco Nexus s\u00e9ries 5500, 5600 et 6000 ex\u00e9cutant les versions de Cisco NX-OS 7.1 ant\u00e9rieures \u00e0 7.1(2)N1(1)",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Infrastructure version 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FireSIGHT System Software version 6.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Cisco Nexus s\u00e9ries 1000V, 3000, 4000, 5000, 6000 et 7000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Policy Suite versions 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, et 7.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Domain Manager versions 8.x ant\u00e9rieures \u00e0 8.1.1",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir le site du constructeur pour la liste des syst\u00e8mes potentiellement affect\u00e9s par les vuln\u00e9rabilit\u00e9s concernant OpenSSL (lien fourni dans la section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco VDS-IS versions 3.3(0), 3.3(1), 4.0(0), et 4.1(0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Web Security Appliance (WSA) ex\u00e9cutant les versions d\u0027AsyncOS ant\u00e9rieures \u00e0 8.5.3-051 et 9.0.0-485.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2016-1356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1356"
    },
    {
      "name": "CVE-2016-1354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1354"
    },
    {
      "name": "CVE-2016-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
    },
    {
      "name": "CVE-2015-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0718"
    },
    {
      "name": "CVE-2016-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2016-1353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1353"
    },
    {
      "name": "CVE-2015-6260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6260"
    },
    {
      "name": "CVE-2016-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1355"
    },
    {
      "name": "CVE-2016-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1288"
    },
    {
      "name": "CVE-2016-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
    },
    {
      "name": "CVE-2016-1359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1359"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2016-1357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1357"
    }
  ],
  "initial_release_date": "2016-03-03T00:00:00",
  "last_revision_date": "2016-03-03T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-wsa du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-cucdm du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cucdm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-FireSIGHT1 du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-netstack du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-psc du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-FireSIGHT du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160226-vds-is du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-openssl du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-n5ksnmp du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco    cisco-sa-20160302-cpi1 du 02 mars 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi1"
    }
  ],
  "reference": "CERTFR-2016-AVI-080",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-psc du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-076

Vulnerability from certfr_avis - Published: 2016-03-01 - Updated: 2016-03-01

De multiples vulnérabilités ont été corrigées dans OpenSSL. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 1.0.2 antérieures à 1.0.2g
	OpenSSL	OpenSSL	OpenSSL versions 1.0.1 antérieures à 1.0.1s

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL 20160301 du 01 mars 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 1.0.2 ant\u00e9rieures \u00e0 1.0.2g",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.1 ant\u00e9rieures \u00e0 1.0.1s",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2015-3197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
    },
    {
      "name": "CVE-2016-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
    },
    {
      "name": "CVE-2016-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2016-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    }
  ],
  "initial_release_date": "2016-03-01T00:00:00",
  "last_revision_date": "2016-03-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-076",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL 20160301 du 01 mars 2016",
      "url": "https://www.openssl.org/news/secadv/20160301.txt"
    }
  ]
}

CERTFR-2022-AVI-1094

Vulnerability from certfr_avis - Published: 2022-12-13 - Updated: 2022-12-13

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1
Siemens	N/A	SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html
Siemens	N/A	Teamcenter Visualization V13.2.x antérieures à V13.2.0.12
Siemens	N/A	TALON TC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SICAM PAS/PQS versions 8.x antérieures à 8.06
Siemens	N/A	Parasolid versions V35.0.x antérieures à V35.0.170
Siemens	N/A	SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5
Siemens	N/A	PLM Help Server V4.2 toutes versions
Siemens	N/A	SICAM PAS/PQS versions antérieures à 7.0
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	SINUMERIK Operate versions antérieures à V6.14
Siemens	N/A	SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions
Siemens	N/A	Polarion ALM toutes versions
Siemens	N/A	APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	Mendix Email Connector versions antérieures à 2.0.0
Siemens	N/A	SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2
Siemens	N/A	JT2Go toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14
Siemens	N/A	APOGEE PXC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SCALANCE X-200RNA toutes versions
Siemens	N/A	SINAMICS STARTER versions antérieures à V5.4 HF2
Siemens	N/A	Simcenter STAR-CCM+ toutes versions
Siemens	N/A	SIMATIC Automation Tool versions antérieures à V4 SP2
Siemens	N/A	SIMATIC PCS neo versions antérieures à V3.0 SP1
Siemens	N/A	Parasolid versions V33.1.x antérieures à V33.1.264
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3
Siemens	N/A	SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SINEC NMS versions antérieures à V1.0 SP2
Siemens	N/A	Parasolid versions V34.1.x antérieures à V34.1.242
Siemens	N/A	SIMATIC Drive Controller family versions antérieures à V3.0.1
Siemens	N/A	Teamcenter Visualization V13.3.x
Siemens	N/A	Parasolid versions V34.0.x antérieures à V34.0.252
Siemens	N/A	SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html
Siemens	N/A	Teamcenter Visualization V14.1.x antérieures à V14.1.0.6
Siemens	N/A	Mcenter versions supérieures ou égales à V5.2.1.0
Siemens	N/A	SINEMA Server versions antérieures à V14 SP3
Siemens	N/A	SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024
Siemens	N/A	SIMATIC WinCC OA versions V3.15.x
Siemens	N/A	TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions
Siemens	N/A	SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0
Siemens	N/A	SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13
Siemens	N/A	RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html
Siemens	N/A	SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5
Siemens	N/A	Teamcenter Visualization V14.0.x
Siemens	N/A	SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035
Siemens	N/A	SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14
Siemens	N/A	SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	SIMATIC NET PC Software V16 versions antérieures à V16 Upd3
Siemens	N/A	SIMATIC ProSave versions antérieures à V17
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à V21.8
Siemens	N/A	Mendix Workflow Commons versions antérieures à 2.4.0
Siemens	N/A	SINAMICS Startdrive versions antérieures à V16 Update 3
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions
Siemens	N/A	SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018
Siemens	N/A	Calibre ICE versions supérieures ou égales à V2022.4
Siemens	N/A	SINUMERIK ONE virtual versions antérieures à V6.14

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens

2022-12-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PLM Help Server V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200RNA toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.15.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-46345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
    },
    {
      "name": "CVE-2020-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
    },
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2016-0703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
    },
    {
      "name": "CVE-2021-40365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
    },
    {
      "name": "CVE-2022-41279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
    },
    {
      "name": "CVE-2022-46353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2019-6110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
    },
    {
      "name": "CVE-2022-46352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2022-46347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
    },
    {
      "name": "CVE-2022-46349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2022-46351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2003-1562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2022-41280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2019-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
    },
    {
      "name": "CVE-2022-46346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
    },
    {
      "name": "CVE-2022-41283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
    },
    {
      "name": "CVE-2022-46144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
    },
    {
      "name": "CVE-2016-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
    },
    {
      "name": "CVE-2022-45044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
    },
    {
      "name": "CVE-2018-4842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
    },
    {
      "name": "CVE-2022-44731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
    },
    {
      "name": "CVE-2022-46355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2022-41288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2016-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
    },
    {
      "name": "CVE-2016-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
    },
    {
      "name": "CVE-2022-43517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
    },
    {
      "name": "CVE-2016-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
    },
    {
      "name": "CVE-2015-6565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
    },
    {
      "name": "CVE-2022-3160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
    },
    {
      "name": "CVE-2016-6307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
    },
    {
      "name": "CVE-2016-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2022-41282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2022-46350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
    },
    {
      "name": "CVE-2022-46142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2016-6304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
    },
    {
      "name": "CVE-2022-46348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
    },
    {
      "name": "CVE-2022-46140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
    },
    {
      "name": "CVE-2016-1908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2019-16905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2016-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
    },
    {
      "name": "CVE-2019-6111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
    },
    {
      "name": "CVE-2016-8858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
    },
    {
      "name": "CVE-2016-6515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
    },
    {
      "name": "CVE-2015-3197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
    },
    {
      "name": "CVE-2022-41281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2020-7580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2016-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
    },
    {
      "name": "CVE-2015-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
    },
    {
      "name": "CVE-2022-34821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
    },
    {
      "name": "CVE-2016-6308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
    },
    {
      "name": "CVE-2021-44694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
    },
    {
      "name": "CVE-2016-6306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
    },
    {
      "name": "CVE-2017-15906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
    },
    {
      "name": "CVE-2021-44695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
    },
    {
      "name": "CVE-2022-3161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
    },
    {
      "name": "CVE-2016-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
    },
    {
      "name": "CVE-2022-45936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
    },
    {
      "name": "CVE-2022-46265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
    },
    {
      "name": "CVE-2016-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2022-43723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
    },
    {
      "name": "CVE-2018-15473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2022-45484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2003-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
    },
    {
      "name": "CVE-2018-20685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
    },
    {
      "name": "CVE-2016-6305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2016-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
    },
    {
      "name": "CVE-2022-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
    },
    {
      "name": "CVE-2022-41286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
    },
    {
      "name": "CVE-2016-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
    },
    {
      "name": "CVE-2022-41278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2015-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
    },
    {
      "name": "CVE-2022-41287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
    },
    {
      "name": "CVE-2022-45937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
    },
    {
      "name": "CVE-2022-46354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
    },
    {
      "name": "CVE-2022-43724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
    },
    {
      "name": "CVE-2022-43722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
    },
    {
      "name": "CVE-2016-6210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
    },
    {
      "name": "CVE-2015-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2022-41284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
    },
    {
      "name": "CVE-2016-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2016-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
    },
    {
      "name": "CVE-2021-44693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2016-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2015-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2022-44575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
    },
    {
      "name": "CVE-2022-41285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
    },
    {
      "name": "CVE-2022-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2018-4848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
    }
  ],
  "initial_release_date": "2022-12-13T00:00:00",
  "last_revision_date": "2022-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1094",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2022-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
    }
  ]
}

CERTFR-2016-AVI-365

Vulnerability from certfr_avis - Published: 2016-10-28 - Updated: 2016-10-28

De multiples vulnérabilités ont été corrigées dans les produits Apple. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.5.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 6.0.1
Apple	N/A	Apple Xcode versions antérieures à 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207268 du 27 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207274 du 27 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207273 du 27 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1669"
    },
    {
      "name": "CVE-2015-8027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8027"
    },
    {
      "name": "CVE-2015-6764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6764"
    },
    {
      "name": "CVE-2016-2216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2216"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2016-4613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4613"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2016-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7578"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2016-2086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2086"
    }
  ],
  "initial_release_date": "2016-10-28T00:00:00",
  "last_revision_date": "2016-10-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-365",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207268 du 27 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207268"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207274 du 27 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207274"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207273 du 27 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207273"
    }
  ]
}

GSD-2016-0702

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-0702

Aliases

CVE-2016-0702

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-0702",
    "description": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
    "id": "GSD-2016-0702",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-0702.html",
      "https://www.debian.org/security/2016/dsa-3500",
      "https://access.redhat.com/errata/RHSA-2016:2957",
      "https://access.redhat.com/errata/RHSA-2016:0379",
      "https://access.redhat.com/errata/RHSA-2016:0301",
      "https://ubuntu.com/security/CVE-2016-0702",
      "https://advisories.mageia.org/CVE-2016-0702.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-0702.html",
      "https://linux.oracle.com/cve/CVE-2016-0702.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-0702"
      ],
      "details": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
      "id": "GSD-2016-0702",
      "modified": "2023-12-13T01:21:16.973471Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-0702",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FEDORA-2016-2802690366",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "FEDORA-2016-e6807b3394",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "refsource": "FREEBSD",
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "HPSBGN03563",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
          },
          {
            "name": "USN-2914-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168",
            "refsource": "CONFIRM",
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "http://openssl.org/news/secadv/20160301.txt",
            "refsource": "CONFIRM",
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "DSA-3500",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "name": "https://www.openssl.org/news/secadv/20160301.txt",
            "refsource": "CONFIRM",
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "name": "http://cachebleed.info",
            "refsource": "MISC",
            "url": "http://cachebleed.info"
          },
          {
            "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1",
            "refsource": "CONFIRM",
            "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.2",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0702"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cachebleed.info",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://cachebleed.info"
            },
            {
              "name": "http://openssl.org/news/secadv/20160301.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://openssl.org/news/secadv/20160301.txt"
            },
            {
              "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "openSUSE-SU-2016:1566",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
            },
            {
              "name": "HPSBGN03563",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "SUSE-SU-2016:1290",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2016:1239",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2016:1241",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2016:1242",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:1360",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2016:1273",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
            },
            {
              "name": "SUSE-SU-2016:1267",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20160301.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.openssl.org/news/secadv/20160301.txt"
            },
            {
              "name": "SUSE-SU-2016:0621",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2016:0638",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2016:0627",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
            },
            {
              "name": "SUSE-SU-2016:0631",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
            },
            {
              "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
            },
            {
              "name": "openSUSE-SU-2016:0637",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:0617",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
            },
            {
              "name": "DSA-3500",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3500"
            },
            {
              "name": "GLSA-201603-15",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201603-15"
            },
            {
              "name": "SUSE-SU-2016:0624",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0720",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
            },
            {
              "name": "SUSE-SU-2016:0620",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2016:0628",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
            },
            {
              "name": "FEDORA-2016-2802690366",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
            },
            {
              "name": "SUSE-SU-2016:1057",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
            },
            {
              "name": "SUSE-SU-2016:0641",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
            },
            {
              "name": "USN-2914-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2914-1"
            },
            {
              "name": "FEDORA-2016-e6807b3394",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
            },
            {
              "name": "1035133",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1035133"
            },
            {
              "name": "FreeBSD-SA-16:12",
              "refsource": "FREEBSD",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
            },
            {
              "name": "RHSA-2016:2957",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.4,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-12-13T12:15Z",
      "publishedDate": "2016-03-03T20:59Z"
    }
  }
}

CNVD-2016-01456

Vulnerability from cnvd - Published: 2016-03-04

Title

OpenSSL模幂运算旁路攻击漏洞

Description

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.0.2及之前版本和1.0.1及之前版本的Intel Sandy-Bridge微体系结构中存在安全漏洞。攻击者可利用该漏洞实施旁路攻击，恢复RSA密钥。

Severity

中

Patch Name

OpenSSL模幂运算旁路攻击漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.openssl.org/news/secadv/20160301.txt

Reference

https://www.openssl.org/news/secadv/20160301.txt

Impacted products

Name
['OpenSSL OpenSSL 1.0.1(<1.0.1s)', 'OpenSSL OpenSSL 1.0.2(<1.0.2g)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0702"
    }
  },
  "description": "OpenSSL\u662fOpenSSL\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u80fd\u591f\u5b9e\u73b0\u5b89\u5168\u5957\u63a5\u5c42\uff08SSL v2/v3\uff09\u548c\u5b89\u5168\u4f20\u8f93\u5c42\uff08TLS v1\uff09\u534f\u8bae\u7684\u901a\u7528\u52a0\u5bc6\u5e93\uff0c\u5b83\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u5bc6\u7801\u3001\u54c8\u5e0c\u7b97\u6cd5\u3001\u5b89\u5168\u6563\u5217\u7b97\u6cd5\u7b49\u3002\r\n\r\nOpenSSL 1.0.2\u53ca\u4e4b\u524d\u7248\u672c\u548c1.0.1\u53ca\u4e4b\u524d\u7248\u672c\u7684Intel Sandy-Bridge\u5fae\u4f53\u7cfb\u7ed3\u6784\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u65c1\u8def\u653b\u51fb\uff0c\u6062\u590dRSA\u5bc6\u94a5\u3002",
  "discovererName": "OpenSSL",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.openssl.org/news/secadv/20160301.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01456",
  "openTime": "2016-03-04",
  "patchDescription": "OpenSSL\u662fOpenSSL\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u80fd\u591f\u5b9e\u73b0\u5b89\u5168\u5957\u63a5\u5c42\uff08SSL v2/v3\uff09\u548c\u5b89\u5168\u4f20\u8f93\u5c42\uff08TLS v1\uff09\u534f\u8bae\u7684\u901a\u7528\u52a0\u5bc6\u5e93\uff0c\u5b83\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u5bc6\u7801\u3001\u54c8\u5e0c\u7b97\u6cd5\u3001\u5b89\u5168\u6563\u5217\u7b97\u6cd5\u7b49\u3002\r\n\r\nOpenSSL 1.0.2\u53ca\u4e4b\u524d\u7248\u672c\u548c1.0.1\u53ca\u4e4b\u524d\u7248\u672c\u7684Intel Sandy-Bridge\u5fae\u4f53\u7cfb\u7ed3\u6784\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u65c1\u8def\u653b\u51fb\uff0c\u6062\u590dRSA\u5bc6\u94a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenSSL\u6a21\u5e42\u8fd0\u7b97\u65c1\u8def\u653b\u51fb\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "OpenSSL  OpenSSL 1.0.1(\u003c1.0.1s)",
      "OpenSSL  OpenSSL 1.0.2(\u003c1.0.2g)"
    ]
  },
  "referenceLink": "https://www.openssl.org/news/secadv/20160301.txt",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-03",
  "title": "OpenSSL\u6a21\u5e42\u8fd0\u7b97\u65c1\u8def\u653b\u51fb\u6f0f\u6d1e"
}

CVE-2016-0702

Vulnerability from fstec - Published: 03.03.2016

Title

Уязвимость библиотеки OpenSSL, позволяющая нарушителю раскрыть RSA-ключи

Description

Уязвимость функции MOD_EXP_CTIME_COPY_FROM_PREBUF (crypto/bn/bn_exp.c) библиотеки OpenSSL связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему локально, раскрыть RSA-ключи в результате запуска специально созданного приложения

Severity ?

Vendor

OpenSSL Software Foundation

Software Name

OpenSSL

Software Version

от 1.0.1 до 1.0.1s (OpenSSL), от 1.0.2 до 1.0.2g (OpenSSL)

Possible Mitigations

Обновление программного средства до версий 1.0.1s, 1.0.2g или более новой

Reference

https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1 http://openssl.org/news/secadv/20160301.txt http://cachebleed.info

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "OpenSSL Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.0.1 \u0434\u043e 1.0.1s (OpenSSL), \u043e\u0442 1.0.2 \u0434\u043e 1.0.2g (OpenSSL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439 1.0.1s, 1.0.2g \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.03.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.03.2016",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-00630",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-0702",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSSL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . PowerPC, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit, Apple Inc. MacOS X PowerPC, IBM Corp. IBM i . PowerPC, IBM Corp. IBM i . 64-bit, FreeBSD Project FreeBSD . 64-bit, FreeBSD Project FreeBSD . 32-bit, FreeBSD Project FreeBSD . PowerPC, OpenBSD Project OpenBSD . 64-bit, OpenBSD Project OpenBSD . 32-bit, HP Inc. OpenVMS . ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c RSA-\u043a\u043b\u044e\u0447\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 MOD_EXP_CTIME_COPY_FROM_PREBUF (crypto/bn/bn_exp.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c RSA-\u043a\u043b\u044e\u0447\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1\nhttp://openssl.org/news/secadv/20160301.txt\nhttp://cachebleed.info",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,9)"
}

GHSA-Q7XG-GMG7-59F4

Vulnerability from github – Published: 2022-05-14 03:58 – Updated: 2025-04-12 12:57

Details

Severity ?

5.1 (Medium)


                  
                    CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-0702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-03T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
  "id": "GHSA-q7xg-gmg7-59f4",
  "modified": "2025-04-12T12:57:25Z",
  "published": "2022-05-14T03:58:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0702"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
    },
    {
      "type": "WEB",
      "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-15"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20160301.txt"
    },
    {
      "type": "WEB",
      "url": "http://cachebleed.info"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openssl.org/news/secadv/20160301.txt"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3500"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035133"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2914-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-0702

Vulnerability from fkie_nvd - Published: 2016-03-03 20:59 - Updated: 2025-04-12 10:46

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secalert@redhat.com	http://cachebleed.info	Broken Link
secalert@redhat.com	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://marc.info/?l=bugtraq&m=145889460330120&w=2	Mailing List, Third Party Advisory
secalert@redhat.com	http://openssl.org/news/secadv/20160301.txt	Vendor Advisory
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2016-2957.html	Third Party Advisory
secalert@redhat.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl	Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2016/dsa-3500	Third Party Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Patch, Third Party Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
secalert@redhat.com	http://www.securitytracker.com/id/1035133	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2914-1	Third Party Advisory
secalert@redhat.com	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
secalert@redhat.com	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1
secalert@redhat.com	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us	Third Party Advisory
secalert@redhat.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990	Third Party Advisory
secalert@redhat.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917	Third Party Advisory
secalert@redhat.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
secalert@redhat.com	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168	Third Party Advisory
secalert@redhat.com	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc	Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/201603-15	Third Party Advisory
secalert@redhat.com	https://www.openssl.org/news/secadv/20160301.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://cachebleed.info	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=145889460330120&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openssl.org/news/secadv/20160301.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2957.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3500	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035133	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2914-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
af854a3a-2127-422b-91ae-364da2661108	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201603-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openssl.org/news/secadv/20160301.txt	Third Party Advisory

Impacted products

Vendor	Product	Version
openssl	openssl	1.0.1
openssl	openssl	1.0.1
openssl	openssl	1.0.1
openssl	openssl	1.0.1
openssl	openssl	1.0.1a
openssl	openssl	1.0.1b
openssl	openssl	1.0.1c
openssl	openssl	1.0.1d
openssl	openssl	1.0.1e
openssl	openssl	1.0.1f
openssl	openssl	1.0.1g
openssl	openssl	1.0.1h
openssl	openssl	1.0.1i
openssl	openssl	1.0.1j
openssl	openssl	1.0.1k
openssl	openssl	1.0.1l
openssl	openssl	1.0.1m
openssl	openssl	1.0.1n
openssl	openssl	1.0.1o
openssl	openssl	1.0.1p
openssl	openssl	1.0.1q
openssl	openssl	1.0.1r
openssl	openssl	1.0.2
openssl	openssl	1.0.2
openssl	openssl	1.0.2
openssl	openssl	1.0.2
openssl	openssl	1.0.2a
openssl	openssl	1.0.2b
openssl	openssl	1.0.2c
openssl	openssl	1.0.2d
openssl	openssl	1.0.2e
openssl	openssl	1.0.2f
nodejs	node.js	*
nodejs	node.js	*
nodejs	node.js	*
debian	debian_linux	7.0
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
              "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
              "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
              "matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
              "versionEndIncluding": "4.1.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "30C92A41-47F3-46D7-AD29-66B717E6D5BE",
              "versionEndExcluding": "4.3.2",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "183CD912-7D2E-4CCD-BA99-05AF9E685030",
              "versionEndExcluding": "5.7.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n MOD_EXP_CTIME_COPY_FROM_PREBUF en crypto/bn/bn_exp.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no considera correctamente las veces que se accede al cache-bank durante la exponenciaci\u00f3n modular, lo que facilita a usuarios locales descubrir las claves RSA ejecutando una aplicaci\u00f3n manipulada en el mismo n\u00facleo de la CPU Intel Sandy Bridge como v\u00edctima y aprovech\u00e1ndose de los conflictos del cache-bank, tambi\u00e9n conocida como un ataque \"CacheBleed\"."
    }
  ],
  "id": "CVE-2016-0702",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-03T20:59:00.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://cachebleed.info"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openssl.org/news/secadv/20160301.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3500"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035133"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2914-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201603-15"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20160301.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://cachebleed.info"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openssl.org/news/secadv/20160301.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2914-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201603-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20160301.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-0702 (GCVE-0-2016-0702)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature