CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Published : 2017-11-13 22:29 Updated : 2019-07-23 23:15

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Netapp Clustered Data Ontap Antivirus Connector - cpe:/a:netapp:clustered_data_ontap_antivirus_connector:-
Netapp Data Ontap - cpe:/a:netapp:data_ontap:-::~~~7-mode~~
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
Netapp Host Agent - cpe:/a:netapp:host_agent:-
Netapp Oncommand Balance - cpe:/a:netapp:oncommand_balance:-
Netapp Oncommand Unified Manager - cpe:/a:netapp:oncommand_unified_manager:-::~~~7-mode~~
Netapp Oncommand Workflow Automation - cpe:/a:netapp:oncommand_workflow_automation:-
Netapp Ontap Select Deploy - cpe:/a:netapp:ontap_select_deploy:-
Netapp Service Processor - cpe:/a:netapp:service_processor:-
Netapp Smi-s Provider - cpe:/a:netapp:smi-s_provider:-
Netapp Snapcenter Server - cpe:/a:netapp:snapcenter_server:-
Netapp Snapdrive - cpe:/a:netapp:snapdrive:-::~~~unix~~
Netapp Storagegrid - cpe:/a:netapp:storagegrid:-
Netapp Storagegrid Webscale - cpe:/a:netapp:storagegrid_webscale:-
Redhat Jboss Enterprise Application Platform 6.0.0 cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0
Redhat Jboss Enterprise Application Platform 6.4.0 cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Netapp Clustered Data Ontap - cpe:/o:netapp:clustered_data_ontap:-
Netapp Cn1610 Firmware - cpe:/o:netapp:cn1610_firmware:-
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.3 cpe:/o:redhat:enterprise_linux_server_aus:7.3
Redhat Enterprise Linux Server Aus 7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.4
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.3 cpe:/o:redhat:enterprise_linux_server_eus:7.3
Redhat Enterprise Linux Server Eus 7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.4
Redhat Enterprise Linux Server Eus 7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.5
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.3 cpe:/o:redhat:enterprise_linux_server_tus:7.3
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Openssl Openssl 1.0.2 cpe:/a:openssl:openssl:1.0.2
Openssl Openssl 1.0.2 cpe:/a:openssl:openssl:1.0.2:beta1
Openssl Openssl 1.0.2 cpe:/a:openssl:openssl:1.0.2:beta2
Openssl Openssl 1.0.2 cpe:/a:openssl:openssl:1.0.2:beta3
Openssl Openssl 1.0.2a cpe:/a:openssl:openssl:1.0.2a
Openssl Openssl 1.0.2b cpe:/a:openssl:openssl:1.0.2b
Openssl Openssl 1.0.2c cpe:/a:openssl:openssl:1.0.2c
Openssl Openssl 1.0.2d cpe:/a:openssl:openssl:1.0.2d
Openssl Openssl 1.0.2e cpe:/a:openssl:openssl:1.0.2e
Openssl Openssl 1.0.2f cpe:/a:openssl:openssl:1.0.2f
Openssl Openssl 1.0.2g cpe:/a:openssl:openssl:1.0.2g
Openssl Openssl 1.0.2h cpe:/a:openssl:openssl:1.0.2h
Openssl Openssl 0.9.8 cpe:/a:openssl:openssl:0.9.8
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0
  1. Netapp (16) Search CVE
    1. Data Ontap (1) Search CVE
      1. -
    2. Snapcenter Server (1) Search CVE
      1. -
    3. Oncommand Workflow Automation (1) Search CVE
      1. -
    4. Data Ontap Edge (1) Search CVE
      1. -
    5. Oncommand Unified Manager (1) Search CVE
      1. -
    6. Smi-s Provider (1) Search CVE
      1. -
    7. Clustered Data Ontap (1) Search CVE
      1. -
    8. Cn1610 Firmware (1) Search CVE
      1. -
    9. Storagegrid Webscale (1) Search CVE
      1. -
    10. Ontap Select Deploy (1) Search CVE
      1. -
    11. Host Agent (1) Search CVE
      1. -
    12. Service Processor (1) Search CVE
      1. -
    13. Clustered Data Ontap Antivirus Connector (1) Search CVE
      1. -
    14. Snapdrive (1) Search CVE
      1. -
    15. Storagegrid (1) Search CVE
      1. -
    16. Oncommand Balance (1) Search CVE
      1. -
  2. Openssl (1) Search CVE
    1. Openssl (12) Search CVE
      1. 1.0.2
      2. 1.0.2a
      3. 1.0.2b
      4. 1.0.2c
      5. 1.0.2d
      6. 1.0.2e
      7. 1.0.2f
      8. 1.0.2g
      9. 1.0.2h
      10. 0.9.8
      11. 1.0.1
      12. 1.1.0
  3. Redhat (7) Search CVE
    1. Enterprise Linux Server Tus (2) Search CVE
      1. 7.3
      2. 7.6
    2. Jboss Enterprise Application Platform (2) Search CVE
      1. 6.0.0
      2. 6.4.0
    3. Enterprise Linux Server Eus (4) Search CVE
      1. 7.3
      2. 7.4
      3. 7.5
      4. 7.6
    4. Enterprise Linux Workstation (2) Search CVE
      1. 6.0
      2. 7.0
    5. Enterprise Linux Server (2) Search CVE
      1. 6.0
      2. 7.0
    6. Enterprise Linux Server Aus (3) Search CVE
      1. 7.3
      2. 7.4
      3. 7.6
    7. Enterprise Linux Desktop (2) Search CVE
      1. 6.0
      2. 7.0
  4. Debian (1) Search CVE
    1. Debian Linux (1) Search CVE
      1. 8.0

CWE

ID Name Description Links
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. CVE

History of changes

Date Event
2019-07-23 23:15
2019-05-02 18:07
2018-10-02 10:29
2018-01-12 02:29
2018-01-05 02:31
2017-12-02 02:29
2017-11-30 15:30
2017-11-21 02:29
2017-11-15 02:29
2017-11-13 22:29

New CVE