
CVE-2016-8610

Published: 24 Oct 2016
Source: redhat
CVSS3: 7.5
CVSS2: 4.3

Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Report

This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large number of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or by using deep packet inspection to reject these types of alert packets. A future update may address this issue.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gnutls | Will not fix | | |
| Red Hat Enterprise Linux 5 | nss | Not affected | | |
| Red Hat Enterprise Linux 5 | openssl | Will not fix | | |
| Red Hat Enterprise Linux 5 | openssl097a | Will not fix | | |
| Red Hat Enterprise Linux 6 | nss | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | | |
| Red Hat Enterprise Linux 7 | gnutls | Will not fix | | |
| Red Hat Enterprise Linux 7 | nss | Not affected | | |
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Will not fix | | |


Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1384743
SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

CVSS3: 7.5 High
CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 7 years ago

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

CVSS3: 7.5
nvd
more than 7 years ago

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

CVSS3: 7.5
debian
more than 7 years ago

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 thro ...

suse-cvrf
more than 6 years ago

Security update for compat-openssl097g

CVSS3: 7.5
github
about 3 years ago

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
