CVE-2016-8610
First published: Fri Oct 14 2016(Updated: )
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-httpd | <0:2.4.23-120.jbcs.el6 | 0:2.4.23-120.jbcs.el6 |
| redhat/jbcs-httpd24-openssl | <1:1.0.2h-13.jbcs.el6 | 1:1.0.2h-13.jbcs.el6 |
| redhat/jbcs-httpd24-httpd | <0:2.4.23-120.jbcs.el7 | 0:2.4.23-120.jbcs.el7 |
| redhat/jbcs-httpd24-openssl | <1:1.0.2h-13.jbcs.el7 | 1:1.0.2h-13.jbcs.el7 |
| redhat/openssl | <0:1.0.1e-48.el6_8.4 | 0:1.0.1e-48.el6_8.4 |
| redhat/gnutls | <0:2.12.23-21.el6 | 0:2.12.23-21.el6 |
| redhat/openssl | <1:1.0.1e-60.el7_3.1 | 1:1.0.1e-60.el7_3.1 |
| redhat/tomcat6 | <0:6.0.41-17_patch_04.ep6.el6 | 0:6.0.41-17_patch_04.ep6.el6 |
| redhat/tomcat7 | <0:7.0.54-25_patch_05.ep6.el6 | 0:7.0.54-25_patch_05.ep6.el6 |
| redhat/tomcat6 | <0:6.0.41-17_patch_04.ep6.el7 | 0:6.0.41-17_patch_04.ep6.el7 |
| redhat/tomcat7 | <0:7.0.54-25_patch_05.ep6.el7 | 0:7.0.54-25_patch_05.ep6.el7 |
| redhat/log4j-eap6 | <0:1.2.16-12.redhat_3.1.ep6.el6 | 0:1.2.16-12.redhat_3.1.ep6.el6 |
| redhat/tomcat7 | <0:7.0.70-22.ep7.el6 | 0:7.0.70-22.ep7.el6 |
| redhat/tomcat8 | <0:8.0.36-24.ep7.el6 | 0:8.0.36-24.ep7.el6 |
| redhat/tomcat-native | <0:1.2.8-10.redhat_10.ep7.el6 | 0:1.2.8-10.redhat_10.ep7.el6 |
| redhat/log4j-eap6 | <0:1.2.16-12.redhat_3.1.ep6.el7 | 0:1.2.16-12.redhat_3.1.ep6.el7 |
| redhat/tomcat7 | <0:7.0.70-22.ep7.el7 | 0:7.0.70-22.ep7.el7 |
| redhat/tomcat8 | <0:8.0.36-24.ep7.el7 | 0:8.0.36-24.ep7.el7 |
| redhat/tomcat-native | <0:1.2.8-10.redhat_10.ep7.el7 | 0:1.2.8-10.redhat_10.ep7.el7 |
| debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.4.0-2 | |
| OpenSSL libcrypto | >=1.0.2<=1.0.2h | |
| OpenSSL libcrypto | =0.9.8 | |
| OpenSSL libcrypto | =1.0.1 | |
| OpenSSL libcrypto | =1.1.0 | |
| Debian | =8.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.3 | |
| redhat enterprise Linux server aus | =7.4 | |
| redhat enterprise Linux server aus | =7.6 | |
| redhat enterprise Linux server eus | =7.3 | |
| redhat enterprise Linux server eus | =7.4 | |
| redhat enterprise Linux server eus | =7.5 | |
| redhat enterprise Linux server eus | =7.6 | |
| redhat enterprise Linux server tus | =7.3 | |
| redhat enterprise Linux server tus | =7.6 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat enterprise Linux workstation | =7.0 | |
| All of | ||
| Any of | ||
| redhat jboss enterprise application platform | =6.0.0 | |
| redhat jboss enterprise application platform | =6.4.0 | |
| Any of | ||
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| All of | ||
| NetApp CN1610 | ||
| NetApp CN1610 Firmware | ||
| netapp clustered data ontap antivirus connector | ||
| IBM Data ONTAP | ||
| NetApp Data ONTAP Edge | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.40 | |
| netapp host agent | ||
| NetApp OnCommand Balance | ||
| NetApp OnCommand Unified Manager for 7-Mode | ||
| NetApp OnCommand Workflow Automation | ||
| NetApp ONTAP Select Deploy Utility | ||
| NetApp Service Processor | ||
| netapp smi-s provider | ||
| NetApp SnapCenter | ||
| NetApp SnapDrive for Unix | ||
| netapp storagegrid | ||
| NetApp StorageGRID Webscale | ||
| IBM Data ONTAP | ||
| Palo Alto Networks PAN-OS | <=6.1.17 | |
| Palo Alto Networks PAN-OS | >=7.0.0<=7.0.15 | |
| Palo Alto Networks PAN-OS | >=7.1.0<=7.1.10 | |
| Oracle Adaptive Access Manager | =11.1.2.3.0 | |
| Oracle Application Testing Suite | =13.3.0.1 | |
| oracle communications analytics | =12.1.1 | |
| Oracle Communications IP Service Activator | =7.3.4 | |
| Oracle Communications IP Service Activator | =7.4.0 | |
| Oracle Core RDBMS | =11.2.0.4 | |
| Oracle Core RDBMS | =12.1.0.2 | |
| Oracle Core RDBMS | =12.2.0.1 | |
| Oracle Core RDBMS | =18c | |
| Oracle Core RDBMS | =19c | |
| Oracle Enterprise Manager Ops Center | =12.3.3 | |
| Oracle Enterprise Manager Ops Center | =12.4.0 | |
| Oracle GoldenGate Application Adapters | =12.3.2.1.0 | |
| Oracle JD Edwards EnterpriseOne Tools | =9.2 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle Retail Predictive Application Server | =15.0.3 | |
| Oracle Retail Predictive Application Server | =16.0.3 | |
| Oracle TimesTen In-Memory Database | <18.1.4.1.0 | |
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| All of | ||
| Any of | ||
| Oracle Fujitsu M10-1 Firmware | <xcp2361 | |
| Oracle Fujitsu M10-1 Firmware | >=xcp3000<xcp3070 | |
| Oracle Fujitsu M10-1 | ||
| All of | ||
| Any of | ||
| Oracle Fujitsu M10-4 Firmware | <xcp2361 | |
| Oracle Fujitsu M10-4 Firmware | >=xcp3000<xcp3070 | |
| Oracle Fujitsu M10-4 | ||
| All of | ||
| Any of | ||
| fujitsu m10-4s firmware | <xcp2361 | |
| fujitsu m10-4s firmware | >=xcp3000<xcp3070 | |
| fujitsu m10-4s | ||
| All of | ||
| Any of | ||
| Oracle Fujitsu M12-1 Firmware | <xcp2361 | |
| Oracle Fujitsu M12-1 Firmware | >=xcp3000<xcp3070 | |
| Oracle Fujitsu M12-1 Firmware | ||
| All of | ||
| Any of | ||
| Oracle Fujitsu M12-2 Firmware | <xcp2361 | |
| Oracle Fujitsu M12-2 Firmware | >=xcp3000<xcp3070 | |
| fujitsu m12-2 | ||
| All of | ||
| Any of | ||
| fujitsu m12-2s firmware | <xcp2361 | |
| fujitsu m12-2s firmware | >=xcp3000<xcp3070 | |
| Fujitsu SPARC M12-2S | ||
| redhat jboss enterprise application platform | =6.0.0 | |
| redhat jboss enterprise application platform | =6.4.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| NetApp CN1610 | ||
| NetApp CN1610 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2016-8610 https://nvd.nist.gov/vuln/detail/CVE-2016-8610 http://security.360.cn/cve/CVE-2016-8610
- https://bugzilla.redhat.com/show_bug.cgi?id=1384743
- https://access.redhat.com/errata/RHSA-2017:1414
- https://access.redhat.com/errata/RHSA-2017:1413
- https://access.redhat.com/errata/RHSA-2017:0286
- https://access.redhat.com/errata/RHSA-2017:0574
- https://access.redhat.com/errata/RHSA-2017:1415
- https://access.redhat.com/errata/RHSA-2017:1659
- https://access.redhat.com/errata/RHSA-2017:1658
- https://access.redhat.com/errata/RHSA-2017:2493
- https://access.redhat.com/errata/RHSA-2017:2494
- https://access.redhat.com/errata/RHSA-2017:1802
- https://access.redhat.com/errata/RHSA-2017:1801
- https://access.redhat.com/security/cve/CVE-2016-8610
- https://security.360.cn/cve/CVE-2016-8610/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://www.securitytracker.com/id/1037084
- http://www.securityfocus.com/bid/93841
- https://www.debian.org/security/2017/dsa-3773
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
- http://rhn.redhat.com/errata/RHSA-2017-0286.html
- http://rhn.redhat.com/errata/RHSA-2017-0574.html
- http://rhn.redhat.com/errata/RHSA-2017-1415.html
- http://rhn.redhat.com/errata/RHSA-2017-1659.html
- http://seclists.org/oss-sec/2016/q4/224
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401
- https://security.netapp.com/advisory/ntap-20171130-0001/
- https://security.paloaltonetworks.com/CVE-2016-8610
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
- https://launchpad.net/bugs/cve/CVE-2016-8610
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
- https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
- http://security.360.cn/cve/CVE-2016-8610
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1388728
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1388727
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1388725
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1388726
- https://rhn.redhat.com/errata/RHSA-2017-0286.html
- https://rhn.redhat.com/errata/RHSA-2017-0574.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
- https://www.openwall.com/lists/oss-security/2016/10/24/3
- https://security-tracker.debian.org/tracker/CVE-2016-8610
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
- https://nvd.nist.gov/vuln/detail/CVE-2016-8610
- https://ubuntu.com/security/CVE-2016-8610
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2016-8610?
CVE-2016-8610 is classified as a denial of service vulnerability that can lead to excessive CPU consumption on affected OpenSSL servers.
How do I fix CVE-2016-8610?
To fix CVE-2016-8610, update OpenSSL to a version higher than 1.0.2h or apply patches provided by your Linux distribution.
Which versions of OpenSSL are affected by CVE-2016-8610?
CVE-2016-8610 affects OpenSSL versions 0.9.8, 1.0.1, and 1.0.2 through 1.0.2h, as well as 1.1.0.
Can CVE-2016-8610 be exploited remotely?
Yes, an attacker can remotely exploit CVE-2016-8610 via crafted ALERT packets during a TLS/SSL handshake.
What should I do if I cannot update OpenSSL immediately for CVE-2016-8610?
If immediate updates are not possible for CVE-2016-8610, consider implementing network measures to filter or block malicious traffic that exploits this vulnerability.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-8610
- agent/weakness
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/openssl
- canonical/openssl libcrypto
- version/openssl libcrypto/1.0.2
- version/openssl libcrypto/1.0.2h
- version/openssl libcrypto/0.9.8
- version/openssl libcrypto/1.0.1
- version/openssl libcrypto/1.1.0
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/6.0.0
- version/redhat jboss enterprise application platform/6.4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/netapp
- canonical/netapp cn1610
- canonical/netapp cn1610 firmware
- canonical/netapp clustered data ontap antivirus connector
- canonical/ibm data ontap
- canonical/netapp data ontap edge
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.40
- canonical/netapp host agent
- canonical/netapp oncommand balance
- canonical/netapp oncommand unified manager for 7-mode
- canonical/netapp oncommand workflow automation
- canonical/netapp ontap select deploy utility
- canonical/netapp service processor
- canonical/netapp smi-s provider
- canonical/netapp snapcenter
- canonical/netapp snapdrive for unix
- canonical/netapp storagegrid
- canonical/netapp storagegrid webscale
- vendor/paloaltonetworks
- canonical/palo alto networks pan-os
- version/palo alto networks pan-os/6.1.17
- version/palo alto networks pan-os/7.0.0
- version/palo alto networks pan-os/7.0.15
- version/palo alto networks pan-os/7.1.0
- version/palo alto networks pan-os/7.1.10
- vendor/oracle
- canonical/oracle adaptive access manager
- version/oracle adaptive access manager/11.1.2.3.0
- canonical/oracle application testing suite
- version/oracle application testing suite/13.3.0.1
- canonical/oracle communications analytics
- version/oracle communications analytics/12.1.1
- canonical/oracle communications ip service activator
- version/oracle communications ip service activator/7.3.4
- version/oracle communications ip service activator/7.4.0
- canonical/oracle core rdbms
- version/oracle core rdbms/11.2.0.4
- version/oracle core rdbms/12.1.0.2
- version/oracle core rdbms/12.2.0.1
- version/oracle core rdbms/18c
- version/oracle core rdbms/19c
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.3.3
- version/oracle enterprise manager ops center/12.4.0
- canonical/oracle goldengate application adapters
- version/oracle goldengate application adapters/12.3.2.1.0
- canonical/oracle jd edwards enterpriseone tools
- version/oracle jd edwards enterpriseone tools/9.2
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.56
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- canonical/oracle retail predictive application server
- version/oracle retail predictive application server/15.0.3
- version/oracle retail predictive application server/16.0.3
- canonical/oracle timesten in-memory database
- canonical/oracle weblogic server
- version/oracle weblogic server/10.3.6.0.0
- version/oracle weblogic server/12.1.3.0.0
- version/oracle weblogic server/12.2.1.3.0
- version/oracle weblogic server/12.2.1.4.0
- vendor/fujitsu
- canonical/oracle fujitsu m10-1 firmware
- version/oracle fujitsu m10-1 firmware/xcp3000
- canonical/oracle fujitsu m10-1
- canonical/oracle fujitsu m10-4 firmware
- version/oracle fujitsu m10-4 firmware/xcp3000
- canonical/oracle fujitsu m10-4
- canonical/fujitsu m10-4s firmware
- version/fujitsu m10-4s firmware/xcp3000
- canonical/fujitsu m10-4s
- canonical/oracle fujitsu m12-1 firmware
- version/oracle fujitsu m12-1 firmware/xcp3000
- canonical/oracle fujitsu m12-2 firmware
- version/oracle fujitsu m12-2 firmware/xcp3000
- canonical/fujitsu m12-2
- canonical/fujitsu m12-2s firmware
- version/fujitsu m12-2s firmware/xcp3000
- canonical/fujitsu sparc m12-2s