CVE-2016-8610

SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

  • Severity Score: 7.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

A denial of service flaw has been found in OpenSSL versions 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined the processing of ALERT packets during connection negotiation. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU resources and fail to accept connections from other clients.

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

*Credits: N/A

CVSS Scores

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial

* Common Vulnerability Scoring System

SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario

Timeline
  • 2016-10-12 CVE Reserved
  • 2016-12-28 First Exploit
  • 2017-01-30 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (31)
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected
in Redhat | Enterprise Linux | 6.0 | - | Safe
Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected
in Redhat | Enterprise Linux | 7.0 | - | Safe
Redhat | Jboss Enterprise Application Platform | 6.4.0 | - | Affected
in Redhat | Enterprise Linux | 6.0 | - | Safe
Redhat | Jboss Enterprise Application Platform | 6.4.0 | - | Affected
in Redhat | Enterprise Linux | 7.0 | - | Safe
Netapp | Cn1610 Firmware | - | - | Affected
in Netapp | Cn1610 | - | - | Safe
Fujitsu | M10-1 Firmware | < xcp2361 | - | Affected
in Fujitsu | M10-1 | - | - | Safe
Fujitsu | M10-1 Firmware | >= xcp3000 < xcp3070 | - | Affected
in Fujitsu | M10-1 | - | - | Safe
Fujitsu | M10-4 Firmware | < xcp2361 | - | Affected
in Fujitsu | M10-4 | - | - | Safe
Fujitsu | M10-4 Firmware | >= xcp3000 < xcp3070 | - | Affected
in Fujitsu | M10-4 | - | - | Safe
Fujitsu | M10-4s Firmware | < xcp2361 | - | Affected
in Fujitsu | M10-4s | - | - | Safe
Fujitsu | M10-4s Firmware | >= xcp3000 < xcp3070 | - | Affected
in Fujitsu | M10-4s | - | - | Safe
Fujitsu | M12-1 Firmware | < xcp2361 | - | Affected
in Fujitsu | M12-1 | - | - | Safe
Fujitsu | M12-1 Firmware | >= xcp3000 < xcp3070 | - | Affected
in Fujitsu | M12-1 | - | - | Safe
Fujitsu | M12-2 Firmware | < xcp2361 | - | Affected
in Fujitsu | M12-2 | - | - | Safe
Fujitsu | M12-2 Firmware | >= xcp3000 < xcp3070 | - | Affected
in Fujitsu | M12-2 | - | - | Safe
Fujitsu | M12-2s Firmware | < xcp2361 | - | Affected
in Fujitsu | M12-2s | - | - | Safe
Fujitsu | M12-2s Firmware | >= xcp3000 < xcp3070 | - | Affected
in Fujitsu | M12-2s | - | - | Safe
Openssl | Openssl | >= 1.0.2 <= 1.0.2h | - | Affected
Openssl | Openssl | 0.9.8 | - | Affected
Openssl | Openssl | 1.0.1 | - | Affected
Openssl | Openssl | 1.1.0 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected
Redhat | Enterprise Linux Desktop | 6.0 | - | Affected
Redhat | Enterprise Linux Desktop | 7.0 | - | Affected
Redhat | Enterprise Linux Server | 6.0 | - | Affected
Redhat | Enterprise Linux Server | 7.0 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.3 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.4 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.6 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.3 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.4 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.5 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.6 | - | Affected
Redhat | Enterprise Linux Server Tus | 7.3 | - | Affected
Redhat | Enterprise Linux Server Tus | 7.6 | - | Affected
Redhat | Enterprise Linux Workstation | 6.0 | - | Affected
Redhat | Enterprise Linux Workstation | 7.0 | - | Affected
Netapp | Clustered Data Ontap Antivirus Connector | - | - | Affected
Netapp | Data Ontap | - | 7-mode | Affected
Netapp | Data Ontap Edge | - | - | Affected
Netapp | E-series Santricity Os Controller | >= 11.0 <= 11.40 | - | Affected
Netapp | Host Agent | - | - | Affected
Netapp | Oncommand Balance | - | - | Affected
Netapp | Oncommand Unified Manager | - | 7-mode | Affected
Netapp | Oncommand Workflow Automation | - | - | Affected
Netapp | Ontap Select Deploy | - | - | Affected
Netapp | Service Processor | - | - | Affected
Netapp | Smi-s Provider | - | - | Affected
Netapp | Snapcenter Server | - | - | Affected
Netapp | Snapdrive | - | unix | Affected
Netapp | Storagegrid | - | - | Affected
Netapp | Storagegrid Webscale | - | - | Affected
Netapp | Clustered Data Ontap | - | - | Affected
Paloaltonetworks | Pan-os | <= 6.1.17 | - | Affected
Paloaltonetworks | Pan-os | >= 7.0.0 <= 7.0.15 | - | Affected
Paloaltonetworks | Pan-os | >= 7.1.0 <= 7.1.10 | - | Affected
Oracle | Adaptive Access Manager | 11.1.2.3.0 | - | Affected
Oracle | Application Testing Suite | 13.3.0.1 | - | Affected
Oracle | Communications Analytics | 12.1.1 | - | Affected
Oracle | Communications Ip Service Activator | 7.3.4 | - | Affected
Oracle | Communications Ip Service Activator | 7.4.0 | - | Affected
Oracle | Core Rdbms | 11.2.0.4 | - | Affected
Oracle | Core Rdbms | 12.1.0.2 | - | Affected
Oracle | Core Rdbms | 12.2.0.1 | - | Affected
Oracle | Core Rdbms | 18c | - | Affected
Oracle | Core Rdbms | 19c | - | Affected
Oracle | Enterprise Manager Ops Center | 12.3.3 | - | Affected
Oracle | Enterprise Manager Ops Center | 12.4.0 | - | Affected
Oracle | Goldengate Application Adapters | 12.3.2.1.0 | - | Affected
Oracle | Jd Edwards Enterpriseone Tools | 9.2 | - | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.56 | - | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.57 | - | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected
Oracle | Retail Predictive Application Server | 15.0.3 | - | Affected
Oracle | Retail Predictive Application Server | 16.0.3 | - | Affected
Oracle | Timesten In-memory Database | < 18.1.4.1.0 | - | Affected
Oracle | Weblogic Server | 10.3.6.0.0 | - | Affected
Oracle | Weblogic Server | 12.1.3.0.0 | - | Affected
Oracle | Weblogic Server | 12.2.1.3.0 | - | Affected
Oracle | Weblogic Server | 12.2.1.4.0 | - | Affected