Vulnerability Name:

CVE-2016-6307 (CCN-117113)

Assigned: 2016-09-22
Published: 2016-09-22
Updated: 2022-12-13
Summary:
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2016-6307

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin T1025397 (Cloud Manager with Openstack)
Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager

Source: CCN
Type: IBM Security Bulletin T1025674 (SmartCloud Entry)
Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Source: CCN
Type: IBM Security Bulletin N1021643 (i)
Multiple Vulnerabilities in OpenSSL affect IBM i

Source: CCN
Type: IBM Security Bulletin S1010571 (Cisco MDS 9710 Multilayer Director)
OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016] affects IBM Cisco SAN switches and directors.

Source: CCN
Type: IBM Security Bulletin S1010578 (SAN512B-6 Director (8961-F08))
IBM b-type SAN switches and directors affected by OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016].

Source: CCN
Type: IBM Security Bulletin S1010852 (Data ONTAP)
September 2016 OpenSSL Vulnerabilities affect Multiple N series Products

Source: CCN
Type: IBM Security Bulletin 1993061 (Sterling Connect:Express for UNIX)
Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix

Source: CCN
Type: IBM Security Bulletin 1994534 (Tealeaf Customer Experience)
Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Source: CCN
Type: IBM Security Bulletin 1994561 (PureData System for Analytics)
Multiple Vulnerabilities in Glibc, GNU C and OpenSSL affect IBM Netezza Firmware Diagnostics

Source: CCN
Type: IBM Security Bulletin 1994861 (Tealeaf Customer Experience)
Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience

Source: CCN
Type: IBM Security Bulletin 1995039 (Security Virtual Server Protection for VMware)
Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware

Source: CCN
Type: IBM Security Bulletin 1995129 (Spectrum Control Standard Edition)
Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Source: CCN
Type: IBM Security Bulletin 1995392 (Rational Reporting for Development Intelligence)
Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence

Source: CCN
Type: IBM Security Bulletin 1995393 (Rational Insight)
Vulnerabilities in OpenSSL affect Rational Insight

Source: CCN
Type: IBM Security Bulletin 1995691 (Cognos Business Intelligence)
IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 1996032 (Tivoli Common Reporting)
IBM Tivoli Common Reporting (TCR) 2016Q4 Security Updater : TCR is affected by multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 1996096 (Workload Scheduler)
Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler

Source: CCN
Type: IBM Security Bulletin 1996275 (InfoSphere Master Data Management)
Multiple vulnerabilities in OpenSSL affects IBM InfoSphere Master Data Management

Source: CCN
Type: IBM Security Bulletin 2000095 (Cognos Analytics)
IBM Cognos Analytics is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 2000740 (Cognos Controller)
Multiple vulnerabilities have been identified in IBM Cognos Controller

Source: CCN
Type: IBM Security Bulletin 2003620 (Spectrum Protect for Virtual Environments)
Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware

Source: CCN
Type: IBM Security Bulletin C1000213 (MobileFirst Platform Foundation)
Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Source: CCN
Type: Oracle CPUJan2017
Oracle Critical Patch Update Advisory - January 2017

Source: CCN
Type: BID-93152
OpenSSL CVE-2016-6307 Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
openssl-cve20166307-dos(117113)

Source: secalert@redhat.com
Type: Issue Tracking
secalert@redhat.com

Source: CCN
Type: Cisco Security Advisory cisco-sa-20160927-openssl
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

Source: CCN
Type: OpenSSL Security Advisory [22 Sep 2016]
OpenSSL Security Advisory [22 Sep 2016]

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-6307

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:cisco:unified_meetingplace:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:10.0:*:*:*:collaborative:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_virtual_server_protection:1.1.0.1:*:*:*:*:vmware:*:*
  • OR cpe:/a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:jabber:-:-:*:*:*:windows:*:*
  • OR cpe:/a:cisco:socialminer:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:anyconnect_secure_mobility_client:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.1:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.3:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.4:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.5:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.6:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tealeaf_customer_experience:16.1.01:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_virtual_server_protection:1.1.1.0:*:*:*:*:vmware:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:puredata_system:1.0.0:*:*:*:analytics:*:*:*
  • OR cpe:/a:ibm:cloud_manager:4.1.0:*:*:*:*:openstack:*:*
  • OR cpe:/a:ibm:sterling_connect:express:1.5:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:rational_reporting:5.0:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:5.0.1:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_reporting:5.0.2:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_manager:4.3.0:*:*:*:*:openstack:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:7.1:*:*:*:*:hyper-v:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:webex_node_for_mcs:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:jabber_software_development_kit:8.6(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:jabber:-:*:*:*:*:android:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:jabber:-:*:*:*:*:mac:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.10:*:standard:*:*:*:*:*
  • OR cpe:/a:cisco:jabber_guest:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:virtual_environments:*:*:*
  • OR cpe:/a:ibm:data_ontap:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_ontap:8.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_ontap:8.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_ontap:8.2.4:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.cisecurity:def:1927 | V | Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a - CVE-2016-6307 | 2017-03-03
oval:com.ubuntu.precise:def:20166307000 | V | CVE-2016-6307 on Ubuntu 12.04 LTS (precise) - low. | 2016-09-26
oval:com.ubuntu.xenial:def:201663070000000 | V | CVE-2016-6307 on Ubuntu 16.04 LTS (xenial) - low. | 2016-09-26
oval:com.ubuntu.trusty:def:20166307000 | V | CVE-2016-6307 on Ubuntu 14.04 LTS (trusty) - low. | 2016-09-26
oval:com.ubuntu.xenial:def:20166307000 | V | CVE-2016-6307 on Ubuntu 16.04 LTS (xenial) - low. | 2016-09-26
    openssl openssl 1.1.0
    cisco unified meetingplace -
    ibm infosphere master data management 10.1
    ibm infosphere master data management 10.0
    ibm cognos business intelligence 10.1.1
    ibm cognos business intelligence 10.2
    ibm security virtual server protection 1.1.0.1
    cisco webex meetings server -
    ibm rational insight 1.1
    ibm rational insight 1.1.1
    ibm rational insight 1.1.1.1
    ibm infosphere master data management 11.0
    cisco jabber - -
    cisco socialminer -
    cisco anyconnect secure mobility client -
    ibm cognos business intelligence 10.2.1
    ibm rational reporting 2.0
    ibm rational reporting 2.0.1
    ibm rational reporting 2.0.3
    ibm rational reporting 2.0.4
    ibm rational reporting 2.0.5
    ibm rational reporting 2.0.6
    ibm smartcloud entry 3.1
    ibm smartcloud entry 3.2
    ibm tealeaf customer experience 16.1.01
    ibm security virtual server protection 1.1.1.0
    ibm i 7.1
    ibm i 7.2
    ibm infosphere master data management 11.3
    ibm infosphere master data management 11.4
    ibm puredata system 1.0.0
    ibm cloud manager 4.1.0
    ibm sterling connect:express 1.5
    ibm rational reporting 5.0
    ibm rational reporting 5.0.1
    ibm rational insight 1.1.1.4
    ibm rational insight 1.1.1.5
    ibm rational insight 1.1.1.2
    ibm rational insight 1.1.1.3
    ibm cognos business intelligence 10.2.2
    ibm tivoli common reporting 3.1
    ibm tivoli common reporting 3.1.0.1
    ibm tivoli common reporting 3.1.0.2
    ibm rational insight 1.1.1.6
    ibm rational reporting 5.0.2
    ibm workload scheduler 8.6
    ibm workload scheduler 9.1
    ibm workload scheduler 9.2
    ibm cognos controller 10.2.1
    ibm cognos controller 10.1
    ibm cognos controller 10.1.1
    ibm cognos controller 10.2.0
    ibm rational insight 1.1.1.7
    ibm workload scheduler 9.3
    ibm mobilefirst platform foundation 6.3
    ibm mobilefirst platform foundation 7.0
    ibm tivoli common reporting 3.1.2.0
    ibm cloud manager 4.3.0
    ibm spectrum protect for virtual environments 7.1
    ibm tivoli common reporting 3.1.2.1
    ibm mobilefirst platform foundation 7.1
    ibm cognos analytics 11
    ibm infosphere master data management 11.5
    cisco webex node for mcs -
    cisco jabber software development kit 8.6(1)
    cisco jabber -
    ibm i 7.3
    cisco jabber -
    ibm mobilefirst platform foundation 6.1
    ibm mobilefirst platform foundation 6.2
    ibm tivoli common reporting 3.1.3.0
    ibm spectrum control 5.2.10
    cisco jabber guest -
    ibm mobilefirst platform foundation 8.0
    ibm infosphere master data management 11.6
    ibm cognos analytics 11.0
    ibm spectrum protect 8.1
    ibm data ontap 8.2.1
    ibm data ontap 8.2.2
    ibm data ontap 8.2.3
    ibm data ontap 8.2.4