CVE-2016-7055
First published: Tue Oct 11 2016(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-apache-commons-daemon | <0:1.1.0-1.redhat_2.1.jbcs.el6 | 0:1.1.0-1.redhat_2.1.jbcs.el6 |
| redhat/jbcs-httpd24-apache-commons-daemon-jsvc | <1:1.1.0-1.redhat_2.jbcs.el6 | 1:1.1.0-1.redhat_2.jbcs.el6 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-14.jbcs.el6 | 0:1.6.3-14.jbcs.el6 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-9.jbcs.el6 | 0:1.6.1-9.jbcs.el6 |
| redhat/jbcs-httpd24-httpd | <0:2.4.29-17.jbcs.el6 | 0:2.4.29-17.jbcs.el6 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.29.0-8.jbcs.el6 | 0:1.29.0-8.jbcs.el6 |
| redhat/jbcs-httpd24-openssl | <1:1.0.2n-11.jbcs.el6 | 1:1.0.2n-11.jbcs.el6 |
| redhat/jbcs-httpd24-apache-commons-daemon | <0:1.1.0-1.redhat_2.1.jbcs.el7 | 0:1.1.0-1.redhat_2.1.jbcs.el7 |
| redhat/jbcs-httpd24-apache-commons-daemon-jsvc | <1:1.1.0-1.redhat_2.jbcs.el7 | 1:1.1.0-1.redhat_2.jbcs.el7 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-14.jbcs.el7 | 0:1.6.3-14.jbcs.el7 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-9.jbcs.el7 | 0:1.6.1-9.jbcs.el7 |
| redhat/jbcs-httpd24-httpd | <0:2.4.29-17.jbcs.el7 | 0:2.4.29-17.jbcs.el7 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.29.0-8.jbcs.el7 | 0:1.29.0-8.jbcs.el7 |
| redhat/jbcs-httpd24-openssl | <1:1.0.2n-11.jbcs.el7 | 1:1.0.2n-11.jbcs.el7 |
| redhat/openssl | <1.0.2 | 1.0.2 |
| redhat/openssl | <1.1.0 | 1.1.0 |
| debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.4.0-2 | |
| OpenSSL libcrypto | >=1.0.2<1.0.2k | |
| OpenSSL libcrypto | >=1.1.0<1.1.0c | |
| Node.js | >=4.0.0<=4.1.2 | |
| Node.js | >=4.2.0<4.7.3 | |
| Node.js | >=6.0.0<=6.8.1 | |
| Node.js | >=6.9.0<6.9.5 | |
| Node.js | >=7.0.0<7.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2016-7055 https://nvd.nist.gov/vuln/detail/CVE-2016-7055 https://www.openssl.org/news/secadv/20161110.txt https://www.openssl.org/news/secadv/20170126.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1393929
- https://access.redhat.com/errata/RHSA-2018:2186
- https://access.redhat.com/errata/RHSA-2018:2185
- https://access.redhat.com/errata/RHSA-2018:2187
- https://access.redhat.com/security/cve/CVE-2016-7055
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/94242
- http://www.securitytracker.com/id/1037261
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
- https://security.gentoo.org/glsa/201702-07
- https://www.openssl.org/news/secadv/20161110.txt
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.tenable.com/security/tns-2017-04
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us
- https://launchpad.net/bugs/cve/CVE-2016-7055
- https://github.com/openssl/openssl/commit/2fac86d9abeaa643677d1ffd0a139239fdf9406a
- https://www.openssl.org/news/secadv/20170126.txt
- https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a
- https://security-tracker.debian.org/tracker/CVE-2016-7055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
- https://nvd.nist.gov/vuln/detail/CVE-2016-7055
- https://ubuntu.com/security/CVE-2016-7055
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2016-7055?
The severity of CVE-2016-7055 is classified as low.
How do I fix CVE-2016-7055?
To fix CVE-2016-7055, upgrade to the recommended versions of affected packages as specified by Red Hat.
What does CVE-2016-7055 affect?
CVE-2016-7055 affects certain versions of OpenSSL and related Red Hat packages that utilize Montgomery multiplication.
Is CVE-2016-7055 exploitable in the wild?
While CVE-2016-7055 is a low severity issue, it could potentially lead to incorrect results in cryptographic operations, which may be exploited under specific conditions.
When was CVE-2016-7055 disclosed?
CVE-2016-7055 was disclosed on November 10, 2016.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-7055
- agent/software-canonical-lookup
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/openssl
- canonical/openssl libcrypto
- version/openssl libcrypto/1.0.2
- version/openssl libcrypto/1.1.0
- vendor/nodejs
- canonical/node.js
- version/node.js/4.0.0
- version/node.js/4.1.2
- version/node.js/4.2.0
- version/node.js/6.0.0
- version/node.js/6.8.1
- version/node.js/6.9.0
- version/node.js/7.0.0