{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2016-0701", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-05T22:30:03.941Z", "dateReserved": "2015-12-16T00:00:00", "datePublished": "2016-02-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "FEDORA-2016-527018d2ff", "tags": ["vendor-advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"}, {"name": "1034849", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1034849"}, {"name": "GLSA-201601-05", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201601-05"}, {"name": "82233", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/82233"}, {"name": "91787", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "VU#257823", "tags": ["third-party-advisory"], "url": "https://www.kb.cert.org/vuls/id/257823"}, {"name": "openSUSE-SU-2016:0637", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"name": "USN-2883-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2883-1"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2"}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"}, {"url": "http://www.openssl.org/news/secadv/20160128.txt"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"}, {"url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2016-01-28T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:03.941Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2016-527018d2ff", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"}, {"name": "1034849", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1034849"}, {"name": "GLSA-201601-05", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201601-05"}, {"name": "82233", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/82233"}, {"name": "91787", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "VU#257823", "tags": ["third-party-advisory", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/257823"}, {"name": "openSUSE-SU-2016:0637", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"name": "USN-2883-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2883-1"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821", "tags": ["x_transferred"]}, {"url": "http://www.openssl.org/news/secadv/20160128.txt", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", "tags": ["x_transferred"]}, {"url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", "tags": ["x_transferred"]}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file."}, {"lang": "es", "value": "La funci\u00f3n DH_check_pub_key en crypto/dh/dh_check.c en OpenSSL 1.0.2 en versiones anteriores a 1.0.2f no asegura que los n\u00famero primos son apropiados para el intercambio de clave Diffie-Hellman (DH), lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos descubrir el exponente DH privado mediante la realizaci\u00f3n de m\u00faltiples apretones de mano con un par que eligi\u00f3 un n\u00famero inapropiado, seg\u00fan lo demostrado por un n\u00famero en un archivo X9.42."}], "id": "CVE-2016-0701", "lastModified": "2023-02-12T23:15:48.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-15T02:59:18.013", "references": [{"source": "secalert@redhat.com", "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"}, {"source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openssl.org/news/secadv/20160128.txt"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/82233"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034849"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2883-1"}, {"source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "secalert@redhat.com", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648"}, {"source": "secalert@redhat.com", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201601-05"}, {"source": "secalert@redhat.com", "url": "https://www.kb.cert.org/vuls/id/257823"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Antonio Sanso as the original reporter.", "bugzilla": {"description": "OpenSSL: DH small subgroups", "id": "1301845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301845"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "details": ["The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.", "It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42-style parameter files. An attacker who could force the peer to perform multiple handshakes using the same private DH component could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection."], "name": "CVE-2016-0701", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2016-01-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0701\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0701\nhttps://www.openssl.org/news/secadv/20160128.txt"], "statement": "OpenSSL 1.0.2 provides support for generating X9.42 style parameter files. This feature does not exist in any previous versions of OpenSSL. Therefore versions of OpenSSL shipped with Red Hat Enterprise Linux 5, 6, and 7, and JBoss EAP and JBoss Web Server are not vulnerable to this security flaw.\nVersions of OpenSSL shipped in Red Hat Enterprise Linux do not enable the SSL_OP_SINGLE_DH_USE option. However, most applications do not use SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh(). Most of them use SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() without setting the key. This has the same effect as setting SSL_OP_SINGLE_DH_USE.", "threat_severity": "Moderate"}