CVE-2016-0704


Severity : MEDIUM
Published : 2016-03-02
Modified : 2018-01-18
Base Score : 4.3
Details : An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
Product/Version : Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Pro 5.0  
CGX 2.0 unspecified  
Carrier Grade CGE 7.0  
CGE 5.x  
Mobilinux 5.x  
 
 
 

CVE Vulnerabilities List CVE-2016

CVE-2016-0704 CVE-2016-0772 CVE-2016-0797 CVE-2016-0799
CVE-2016-0800 CVE-2016-1839 CVE-2016-2073 CVE-2016-2105
CVE-2016-2106 CVE-2016-2108 CVE-2016-2182 CVE-2016-2183
CVE-2016-3115 CVE-2016-3841 CVE-2016-3951 CVE-2016-4483
CVE-2016-5387 CVE-2016-6210 CVE-2016-6304 CVE-2016-6515
CVE-2016-9310 CVE-2016-9311