First published: Fri Oct 14 2016(Updated: )
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-httpd | <0:2.4.23-120.jbcs.el6 | 0:2.4.23-120.jbcs.el6 |
redhat/jbcs-httpd24-openssl | <1:1.0.2h-13.jbcs.el6 | 1:1.0.2h-13.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <0:2.4.23-120.jbcs.el7 | 0:2.4.23-120.jbcs.el7 |
redhat/jbcs-httpd24-openssl | <1:1.0.2h-13.jbcs.el7 | 1:1.0.2h-13.jbcs.el7 |
redhat/openssl | <0:1.0.1e-48.el6_8.4 | 0:1.0.1e-48.el6_8.4 |
redhat/gnutls | <0:2.12.23-21.el6 | 0:2.12.23-21.el6 |
redhat/openssl | <1:1.0.1e-60.el7_3.1 | 1:1.0.1e-60.el7_3.1 |
redhat/tomcat6 | <0:6.0.41-17_patch_04.ep6.el6 | 0:6.0.41-17_patch_04.ep6.el6 |
redhat/tomcat7 | <0:7.0.54-25_patch_05.ep6.el6 | 0:7.0.54-25_patch_05.ep6.el6 |
redhat/tomcat6 | <0:6.0.41-17_patch_04.ep6.el7 | 0:6.0.41-17_patch_04.ep6.el7 |
redhat/tomcat7 | <0:7.0.54-25_patch_05.ep6.el7 | 0:7.0.54-25_patch_05.ep6.el7 |
redhat/log4j-eap6 | <0:1.2.16-12.redhat_3.1.ep6.el6 | 0:1.2.16-12.redhat_3.1.ep6.el6 |
redhat/tomcat7 | <0:7.0.70-22.ep7.el6 | 0:7.0.70-22.ep7.el6 |
redhat/tomcat8 | <0:8.0.36-24.ep7.el6 | 0:8.0.36-24.ep7.el6 |
redhat/tomcat-native | <0:1.2.8-10.redhat_10.ep7.el6 | 0:1.2.8-10.redhat_10.ep7.el6 |
redhat/log4j-eap6 | <0:1.2.16-12.redhat_3.1.ep6.el7 | 0:1.2.16-12.redhat_3.1.ep6.el7 |
redhat/tomcat7 | <0:7.0.70-22.ep7.el7 | 0:7.0.70-22.ep7.el7 |
redhat/tomcat8 | <0:8.0.36-24.ep7.el7 | 0:8.0.36-24.ep7.el7 |
redhat/tomcat-native | <0:1.2.8-10.redhat_10.ep7.el7 | 0:1.2.8-10.redhat_10.ep7.el7 |
OpenSSL OpenSSL | >=1.0.2<=1.0.2h | |
OpenSSL OpenSSL | =0.9.8 | |
OpenSSL OpenSSL | =1.0.1 | |
OpenSSL OpenSSL | =1.1.0 | |
Debian Debian Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.3 | |
Redhat Enterprise Linux Server Aus | =7.4 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.3 | |
Redhat Enterprise Linux Server Eus | =7.4 | |
Redhat Enterprise Linux Server Eus | =7.5 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.3 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Redhat Jboss Enterprise Application Platform | =6.0.0 | |
Redhat Jboss Enterprise Application Platform | =6.4.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
Netapp Clustered Data Ontap Antivirus Connector | ||
Netapp Data Ontap 7-mode | ||
Netapp Data Ontap Edge | ||
NetApp E-Series SANtricity OS Controller | >=11.0<=11.40 | |
Netapp Host Agent | ||
NetApp OnCommand Balance | ||
Netapp Oncommand Unified Manager 7-mode | ||
NetApp OnCommand Workflow Automation | ||
Netapp Ontap Select Deploy | ||
NetApp Service Processor | ||
Netapp Smi-s Provider | ||
NetApp SnapCenter Server | ||
Netapp Snapdrive Unix | ||
Netapp Storagegrid | ||
NetApp StorageGRID Webscale | ||
NetApp Clustered Data ONTAP | ||
All of | ||
Any of | ||
Redhat Jboss Enterprise Application Platform | =6.0.0 | |
Redhat Jboss Enterprise Application Platform | =6.4.0 | |
Any of | ||
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
All of | ||
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
Paloaltonetworks Pan-os | <=6.1.17 | |
Paloaltonetworks Pan-os | >=7.0.0<=7.0.15 | |
Paloaltonetworks Pan-os | >=7.1.0<=7.1.10 | |
Oracle Adaptive Access Manager | =11.1.2.3.0 | |
Oracle Application Testing Suite | =13.3.0.1 | |
Oracle Communications Analytics | =12.1.1 | |
Oracle Communications Ip Service Activator | =7.3.4 | |
Oracle Communications Ip Service Activator | =7.4.0 | |
Oracle Core Rdbms | =11.2.0.4 | |
Oracle Core Rdbms | =12.1.0.2 | |
Oracle Core Rdbms | =12.2.0.1 | |
Oracle Core Rdbms | =18c | |
Oracle Core Rdbms | =19c | |
Oracle Enterprise Manager Ops Center | =12.3.3 | |
Oracle Enterprise Manager Ops Center | =12.4.0 | |
Oracle Goldengate Application Adapters | =12.3.2.1.0 | |
Oracle Jd Edwards Enterpriseone Tools | =9.2 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle Retail Predictive Application Server | =15.0.3 | |
Oracle Retail Predictive Application Server | =16.0.3 | |
Oracle TimesTen In-Memory Database | <18.1.4.1.0 | |
Oracle WebLogic Server | =10.3.6.0.0 | |
Oracle WebLogic Server | =12.1.3.0.0 | |
Oracle WebLogic Server | =12.2.1.3.0 | |
Oracle WebLogic Server | =12.2.1.4.0 | |
All of | ||
Any of | ||
Fujitsu M10-1 Firmware | <xcp2361 | |
Fujitsu M10-1 Firmware | >=xcp3000<xcp3070 | |
Fujitsu M10-1 | ||
All of | ||
Any of | ||
Fujitsu M10-4 Firmware | <xcp2361 | |
Fujitsu M10-4 Firmware | >=xcp3000<xcp3070 | |
Fujitsu M10-4 | ||
All of | ||
Any of | ||
Fujitsu M10-4s Firmware | <xcp2361 | |
Fujitsu M10-4s Firmware | >=xcp3000<xcp3070 | |
Fujitsu M10-4s | ||
All of | ||
Any of | ||
Fujitsu M12-1 Firmware | <xcp2361 | |
Fujitsu M12-1 Firmware | >=xcp3000<xcp3070 | |
Fujitsu M12-1 | ||
All of | ||
Any of | ||
Fujitsu M12-2 Firmware | <xcp2361 | |
Fujitsu M12-2 Firmware | >=xcp3000<xcp3070 | |
Fujitsu M12-2 | ||
All of | ||
Any of | ||
Fujitsu M12-2s Firmware | <xcp2361 | |
Fujitsu M12-2s Firmware | >=xcp3000<xcp3070 | |
Fujitsu M12-2s | ||
debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.3.2-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)