CVE-2016-2178 - Vulnerability Details

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Nodejs	Node.js
Openssl	Openssl
Oracle	Linux Solaris
Redhat	Enterprise Linux Jboss Core Services Jboss Enterprise Application Platform
Suse	Linux Enterprise

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1j:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1k:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1l:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1m:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1n:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1o:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1p:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1q:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1r:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1s:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1t:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.2h:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:oracle:linux:5:::::::*
	cpe:2.3:o:oracle:linux:6:::::::*
	cpe:2.3:o:oracle:linux:7:::::::*
	cpe:2.3:o:oracle:solaris:10:::::::*
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 3 [-]

cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

Configuration 5 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Package	CPE	Advisory	Released Date
JBoss Core Services on RHEL 6
jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.41-14.redhat_1.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2017:0193	2017-01-25T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.41-14.redhat_1.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2017:0194	2017-01-25T00:00:00Z
Red Hat Enterprise Linux 6
openssl-0:1.0.1e-48.el6_8.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:1940	2016-09-27T00:00:00Z
Red Hat Enterprise Linux 7
openssl-1:1.0.1e-51.el7_2.7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:1940	2016-09-27T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
openssl	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2017:1659	2017-06-28T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1658	2017-06-28T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1658	2017-06-28T00:00:00Z
Text-Only JBCS
	cpe:/a:redhat:jboss_core_services:1	RHSA-2016:2957	2016-12-15T00:00:00Z

References

Link	Providers
http://eprint.iacr.org/2016/594
http://eprint.iacr.org/2016/594.pdf
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
http://rhn.redhat.com/errata/RHSA-2016-1940.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://rhn.redhat.com/errata/RHSA-2017-1659.html
http://seclists.org/fulldisclosure/2017/Jul/31
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.debian.org/security/2016/dsa-3673
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
http://www.openwall.com/lists/oss-security/2016/06/08/10
http://www.openwall.com/lists/oss-security/2016/06/08/11
http://www.openwall.com/lists/oss-security/2016/06/08/12
http://www.openwall.com/lists/oss-security/2016/06/08/2
http://www.openwall.com/lists/oss-security/2016/06/08/4
http://www.openwall.com/lists/oss-security/2016/06/08/5
http://www.openwall.com/lists/oss-security/2016/06/08/6
http://www.openwall.com/lists/oss-security/2016/06/08/7
http://www.openwall.com/lists/oss-security/2016/06/08/8
http://www.openwall.com/lists/oss-security/2016/06/09/2
http://www.openwall.com/lists/oss-security/2016/06/09/8
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.securityfocus.com/bid/91081
http://www.securitytracker.com/id/1036054
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
http://www.ubuntu.com/usn/USN-3087-1
http://www.ubuntu.com/usn/USN-3087-2
https://access.redhat.com/errata/RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:1658
https://bto.bluecoat.com/security-advisory/sa132
https://bugzilla.redhat.com/show_bug.cgi?id=1343400
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://nvd.nist.gov/vuln/detail/CVE-2016-2178
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
https://security.gentoo.org/glsa/201612-16
https://support.f5.com/csp/article/K53084033
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://www.cve.org/CVERecord?id=CVE-2016-2178
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-20T00:00:00

Updated: 2024-08-05T23:17:50.594Z

Reserved: 2016-01-29T00:00:00

Link: CVE-2016-2178

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-06-20T01:59:03.023

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-2178

Redhat

Severity : Moderate

Publid Date: 2016-05-23T00:00:00Z

Links: CVE-2016-2178 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2016-2178", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-05T23:17:50.594Z", "dateReserved": "2016-01-29T00:00:00", "datePublished": "2016-06-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.tenable.com/security/tns-2016-20"}, {"url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:1659", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"}, {"name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"}, {"name": "RHSA-2017:1658", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1658"}, {"name": "RHSA-2016:1940", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"name": "GLSA-201612-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201612-16"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"}, {"url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"}, {"url": "https://www.tenable.com/security/tns-2016-16"}, {"url": "https://www.tenable.com/security/tns-2016-21"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "91081", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/91081"}, {"name": "RHSA-2017:0194", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"}, {"name": "RHSA-2017:0193", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"url": "https://bto.bluecoat.com/security-advisory/sa132"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"name": "FreeBSD-SA-16:26", "tags": ["vendor-advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"}, {"name": "SUSE-SU-2016:2470", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"}, {"name": "1036054", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1036054"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"url": "http://eprint.iacr.org/2016/594.pdf"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215"}, {"name": "SUSE-SU-2017:2700", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"}, {"name": "USN-3087-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-3087-1"}, {"name": "SUSE-SU-2016:2469", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"}, {"name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "tags": ["vendor-advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"}, {"name": "openSUSE-SU-2016:2537", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"}, {"url": "https://support.f5.com/csp/article/K53084033"}, {"name": "USN-3087-2", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-3087-2"}, {"name": "SUSE-SU-2017:2699", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"}, {"name": "openSUSE-SU-2016:2407", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"}, {"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2017/Jul/31"}, {"name": "SUSE-SU-2016:2458", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"}, {"name": "DSA-3673", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2016/dsa-3673"}, {"name": "openSUSE-SU-2016:2391", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"}, {"name": "openSUSE-SU-2018:0458", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"}, {"name": "SUSE-SU-2016:2387", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448"}, {"name": "SUSE-SU-2016:2468", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"}, {"name": "openSUSE-SU-2016:2496", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"}, {"name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"}, {"name": "SUSE-SU-2016:2394", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2016-06-06T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:17:50.594Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.tenable.com/security/tns-2016-20", "tags": ["x_transferred"]}, {"url": "http://www.splunk.com/view/SP-CAAAPUE", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["x_transferred"]}, {"name": "RHSA-2017:1659", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"}, {"name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"}, {"name": "RHSA-2017:1658", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1658"}, {"name": "RHSA-2016:1940", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "tags": ["x_transferred"]}, {"name": "GLSA-201612-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-16"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", "tags": ["x_transferred"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", "tags": ["x_transferred"]}, {"url": "http://www.splunk.com/view/SP-CAAAPSV", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "tags": ["x_transferred"]}, {"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", "tags": ["x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2016-16", "tags": ["x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2016-21", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "tags": ["x_transferred"]}, {"name": "91081", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/91081"}, {"name": "RHSA-2017:0194", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"}, {"name": "RHSA-2017:0193", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "tags": ["x_transferred"]}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"url": "https://bto.bluecoat.com/security-advisory/sa132", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["x_transferred"]}, {"name": "FreeBSD-SA-16:26", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"}, {"name": "SUSE-SU-2016:2470", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", "tags": ["x_transferred"]}, {"name": "1036054", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1036054"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "tags": ["x_transferred"]}, {"url": "http://eprint.iacr.org/2016/594.pdf", "tags": ["x_transferred"]}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", "tags": ["x_transferred"]}, {"name": "SUSE-SU-2017:2700", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"}, {"name": "USN-3087-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3087-1"}, {"name": "SUSE-SU-2016:2469", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"}, {"name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "tags": ["vendor-advisory", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"}, {"name": "openSUSE-SU-2016:2537", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"}, {"url": "https://support.f5.com/csp/article/K53084033", "tags": ["x_transferred"]}, {"name": "USN-3087-2", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3087-2"}, {"name": "SUSE-SU-2017:2699", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"}, {"name": "openSUSE-SU-2016:2407", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"}, {"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Jul/31"}, {"name": "SUSE-SU-2016:2458", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", "tags": ["x_transferred"]}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"}, {"name": "DSA-3673", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3673"}, {"name": "openSUSE-SU-2016:2391", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"}, {"name": "openSUSE-SU-2018:0458", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"}, {"name": "SUSE-SU-2016:2387", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", "tags": ["x_transferred"]}, {"name": "SUSE-SU-2016:2468", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"}, {"name": "openSUSE-SU-2016:2496", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"}, {"name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"}, {"name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"}, {"name": "SUSE-SU-2016:2394", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", "tags": ["x_transferred"]}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "matchCriteriaId": "A491B32F-31F0-4151-AE9B-313CBF2C060D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "matchCriteriaId": "0AF4953B-BB23-4C80-8C48-9E94EB234AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "matchCriteriaId": "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", "matchCriteriaId": "CE882C74-313C-47A9-9FA0-05F2CBF09D1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "080F38F5-0A51-43BC-BC66-98545B31A0F2", "versionEndExcluding": "0.10.47", "versionStartIncluding": "0.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "F90AAE35-9B46-4FEA-AF3A-5F28761EAC4D", "versionEndExcluding": "0.12.16", "versionStartIncluding": "0.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "303F780C-C971-4216-86D6-5026AAD56279", "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "4A24A5C5-6ECC-46A8-B3E1-94D748FAB987", "versionEndExcluding": "6.7.0", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."}, {"lang": "es", "value": "La funci\u00f3n dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versi\u00f3n 1.0.2h no asegura correctamente la utilizaci\u00f3n de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a trav\u00e9s de un ataque de sincronizaci\u00f3n de canal lateral."}], "id": "CVE-2016-2178", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-20T01:59:03.023", "references": [{"source": "secalert@redhat.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://eprint.iacr.org/2016/594.pdf"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jul/31"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3673"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91081"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036054"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3087-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3087-2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1658"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa132"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"}, {"source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "secalert@redhat.com", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://security.gentoo.org/glsa/201612-16"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K53084033"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-16"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-20"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://eprint.iacr.org/2016/594.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jul/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3087-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3087-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://security.gentoo.org/glsa/201612-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K53084033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-21"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.41-14.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0193", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.41-14.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2017:0194", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-01-25T00:00:00Z"}, {"advisory": "RHSA-2016:1940", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.1e-48.el6_8.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-09-27T00:00:00Z"}, {"advisory": "RHSA-2016:1940", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.1e-51.el7_2.7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-09-27T00:00:00Z"}, {"advisory": "RHSA-2017:1659", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "package": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2017-06-28T00:00:00Z"}, {"advisory": "RHSA-2017:1658", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-06-28T00:00:00Z"}, {"advisory": "RHSA-2017:1658", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-06-28T00:00:00Z"}, {"advisory": "RHSA-2016:2957", "cpe": "cpe:/a:redhat:jboss_core_services:1", "product_name": "Text-Only JBCS", "release_date": "2016-12-15T00:00:00Z"}], "bugzilla": {"description": "openssl: Non-constant time codepath followed for certain operations in DSA implementation", "id": "1343400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-385", "details": ["The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.", "It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system."], "name": "CVE-2016-2178", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Fix deferred", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2016-05-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2178\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2178\nhttp://eprint.iacr.org/2016/594\nhttps://www.openssl.org/news/secadv/20160922.txt"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object