Vulnerability Name: CVE-2016-6309 (CCN-117148) Assigned: 2016-09-26 Published: 2016-09-26 Updated: 2018-07-12 Summary: statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-416 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2016-6309 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016] affects IBM Cisco SAN switches and directors. IBM b-type SAN switches and directors affected by OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016]. Vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 - HTTPS support for Perl Collector Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix Multiple vulnerabilities in OpenSSL affect IBM PureApplication System. Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence Vulnerabilities in OpenSSL affect Rational Insight IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. IBM Tivoli Common Reporting (TCR) 2016Q4 Security Updater : TCR is affected by multiple vulnerabilities. Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2016-6304, CVE-2016-6303, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 ) Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2016-6304, CVE-2016-6303, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 ) Multiple vulnerabilities in OpenSSL affects IBM InfoSphere Master Data Management Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. IBM Cognos Analytics is affected by multiple vulnerabilities Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager Unix (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306) Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager VMware (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306) Multiple vulnerabilities have been identified in IBM Cognos Controller Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware Multiple Vulnerabilities in OpenSSL Affect IBM Campaign, IBM Contact Optimization Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Oracle Critical Patch Update Advisory - January 2017 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html 93177 OpenSSL CVE-2016-6309 Remote Code Execution Vulnerability 1036885 https://bto.bluecoat.com/security-advisory/sa132 openssl-cve20166309-dos(117148) https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 OpenSSL Security Advisory [26 Sep 2016] https://www.openssl.org/news/secadv/20160926.txt https://www.tenable.com/security/tns-2016-16 https://www.tenable.com/security/tns-2016-20 CVE-2016-6309 Vulnerable Configuration: Configuration 1 :cpe:/a:openssl:openssl:1.1.0a:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:openssl:openssl:1.1.0a:*:*:*:*:*:*:* AND cpe:/a:cisco:unified_meetingplace:-:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:10.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:10.0:*:*:*:collaborative:*:*:* OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_virtual_server_protection:1.1.0.1:*:*:*:*:vmware:*:* OR cpe:/a:cisco:webex_meetings_server:-:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:11.0:*:*:*:*:*:*:* OR cpe:/a:cisco:jabber:-:-:*:*:*:windows:*:* OR cpe:/a:cisco:socialminer:-:*:*:*:*:*:*:* OR cpe:/a:cisco:anyconnect_secure_mobility_client:-:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_storage_flashcopy_manager:3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_storage_flashcopy_manager:3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_storage_flashcopy_manager:4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_reporting:2.0:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_reporting:2.0.1:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_reporting:2.0.3:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_reporting:2.0.4:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_reporting:2.0.5:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_reporting:2.0.6:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:security_virtual_server_protection:1.1.1.0:*:*:*:*:vmware:*:* OR cpe:/a:ibm:infosphere_master_data_management:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:11.4:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_network_manager:3.9:*:ip:*:*:*:*:* OR cpe:/a:ibm:sterling_connect:express:1.5:*:*:*:unix:*:*:* OR cpe:/a:ibm:rational_reporting:5.0:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_reporting:5.0.1:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_reporting:5.0.2:*:*:*:development_intelligence:*:*:* OR cpe:/a:ibm:workload_scheduler:8.6:*:*:*:*:*:*:* OR cpe:/a:ibm:workload_scheduler:9.1:*:*:*:*:*:*:* OR cpe:/a:ibm:workload_scheduler:9.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_insight:1.1.1.7:*:*:*:*:*:*:* OR cpe:/a:ibm:workload_scheduler:9.3:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_common_reporting:3.1.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.0.2:*:*:*:*:*:*:* OR cpe:/h:ibm:flex_system_manager_node:*:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:7.1:*:*:*:*:hyper-v:*:* OR cpe:/a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:11.5:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.1:*:*:*:*:*:*:* OR cpe:/a:cisco:webex_node_for_mcs:-:*:*:*:*:*:*:* OR cpe:/a:cisco:jabber_software_development_kit:8.6(1):*:*:*:*:*:*:* OR cpe:/a:cisco:jabber:-:*:*:*:*:android:*:* OR cpe:/a:ibm:pureapplication_system:2.2.0.0:*:*:*:*:*:*:* OR cpe:/a:cisco:jabber:-:*:*:*:*:mac:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_common_reporting:3.1.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.2.10:*:standard:*:*:*:*:* OR cpe:/a:cisco:jabber_guest:-:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:virtual_environments:*:*:* OR cpe:/a:ibm:contact_optimization:9.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:contact_optimization:9.1.2:*:*:*:*:*:*:* Oval Definitions BACK
openssl openssl 1.1.0a
openssl openssl 1.1.0a
cisco unified meetingplace -
ibm infosphere master data management 10.1
ibm infosphere master data management 10.0
ibm cognos business intelligence 10.1.1
ibm cognos business intelligence 10.2
ibm security virtual server protection 1.1.0.1
cisco webex meetings server -
ibm rational insight 1.1
ibm rational insight 1.1.1
ibm rational insight 1.1.1.1
ibm infosphere master data management 11.0
cisco jabber - -
cisco socialminer -
cisco anyconnect secure mobility client -
ibm cognos business intelligence 10.2.1
ibm tivoli storage flashcopy manager 3.1
ibm tivoli storage flashcopy manager 3.2
ibm tivoli storage flashcopy manager 4.1
ibm rational reporting 2.0
ibm rational reporting 2.0.1
ibm rational reporting 2.0.3
ibm rational reporting 2.0.4
ibm rational reporting 2.0.5
ibm rational reporting 2.0.6
ibm security virtual server protection 1.1.1.0
ibm infosphere master data management 11.3
ibm infosphere master data management 11.4
ibm tivoli network manager 3.9
ibm sterling connect:express 1.5
ibm rational reporting 5.0
ibm rational reporting 5.0.1
ibm rational insight 1.1.1.4
ibm rational insight 1.1.1.5
ibm rational insight 1.1.1.2
ibm rational insight 1.1.1.3
ibm pureapplication system 2.0
ibm cognos business intelligence 10.2.2
ibm tivoli common reporting 3.1
ibm tivoli common reporting 3.1.0.1
ibm tivoli common reporting 3.1.0.2
ibm pureapplication system 2.0.0.1
ibm rational insight 1.1.1.6
ibm pureapplication system 2.1.0.0
ibm rational reporting 5.0.2
ibm workload scheduler 8.6
ibm workload scheduler 9.1
ibm workload scheduler 9.2
ibm cognos controller 10.2.1
ibm cognos controller 10.1
ibm cognos controller 10.1.1
ibm cognos controller 10.2.0
ibm pureapplication system 2.1.0.1
ibm rational insight 1.1.1.7
ibm workload scheduler 9.3
ibm mobilefirst platform foundation 6.3
ibm mobilefirst platform foundation 7.0
ibm tivoli common reporting 3.1.2.0
ibm pureapplication system 2.1.0.2
ibm flex system manager node *
ibm pureapplication system 2.1.1.0
ibm spectrum protect for virtual environments 7.1
ibm tivoli common reporting 3.1.2.1
ibm pureapplication system 2.1.2.0
ibm mobilefirst platform foundation 7.1
ibm cognos analytics 11
ibm infosphere master data management 11.5
ibm pureapplication system 2.1.2.1
cisco webex node for mcs -
cisco jabber software development kit 8.6(1)
cisco jabber -
ibm pureapplication system 2.2.0.0
cisco jabber -
ibm pureapplication system 2.1.2.2
ibm mobilefirst platform foundation 6.1
ibm mobilefirst platform foundation 6.2
ibm pureapplication system 2.2.1.0
ibm pureapplication system 2.1.2.3
ibm tivoli common reporting 3.1.3.0
ibm spectrum control 5.2.10
cisco jabber guest -
ibm mobilefirst platform foundation 8.0
ibm infosphere master data management 11.6
ibm pureapplication system 2.2.2.0
ibm pureapplication system 2.2.2.1
ibm pureapplication system 2.1.2.4
ibm cognos analytics 11.0
ibm spectrum protect 8.1
ibm contact optimization 9.1.1
ibm contact optimization 9.1.2
Denotes that component is vulnerable