Search for vulnerabilities
Vulnerability details: VCID-m4nz-uw2e-aaaq
Vulnerability ID VCID-m4nz-uw2e-aaaq
Aliases CVE-2016-0798
VC-OPENSSL-20160301-CVE-2016-0798
Summary The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
generic_textual Medium http://openssl.org/news/secadv/20160301.txt
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0798.html
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.06517 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.12085 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.13714 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.21253 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.23545 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.23545 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.63847 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.63847 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.63847 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.63847 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
epss 0.68345 https://api.first.org/data/v1/epss?cve=CVE-2016-0798
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1311876
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-0798
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-0798
generic_textual Low https://ubuntu.com/security/notices/USN-2914-1
generic_textual Moderate https://www.openssl.org/news/secadv/20160301.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://openssl.org/news/secadv/20160301.txt
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0798.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0798.json
https://api.first.org/data/v1/epss?cve=CVE-2016-0798
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21
https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
https://ubuntu.com/security/notices/USN-2914-1
https://www.openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
http://www.debian.org/security/2016/dsa-3500
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/83705
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035133
http://www.ubuntu.com/usn/USN-2914-1
1311876 https://bugzilla.redhat.com/show_bug.cgi?id=1311876
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
CVE-2016-0798 https://nvd.nist.gov/vuln/detail/CVE-2016-0798
USN-2914-1 https://usn.ubuntu.com/2914-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0798
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0798
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90204
EPSS Score 0.06517
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.