Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.5, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 53 products from openssl, from debian, from redhat and 50 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-11-13T22:29:00.203

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-400
Type: Secondary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	≤ 1.0.2h	Yes
Application	openssl	openssl	0.9.8	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.1.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.3	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_eus	7.3	Yes
Operating System	redhat	enterprise_linux_server_eus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.5	Yes
Operating System	redhat	enterprise_linux_server_eus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.3	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	redhat	jboss_enterprise_application_platform	6.0.0	Yes
Application	redhat	jboss_enterprise_application_platform	6.4.0	Yes
Operating System	redhat	enterprise_linux	6.0	No
Operating System	redhat	enterprise_linux	7.0	No
Operating System	netapp	cn1610_firmware	-	Yes
Hardware	netapp	cn1610	-	No
Application	netapp	clustered_data_ontap_antivirus_connector	-	Yes
Application	netapp	data_ontap	-	Yes
Application	netapp	data_ontap_edge	-	Yes
Application	netapp	e-series_santricity_os_controller	≤ 11.40	Yes
Application	netapp	host_agent	-	Yes
Application	netapp	oncommand_balance	-	Yes
Application	netapp	oncommand_unified_manager	-	Yes
Application	netapp	oncommand_workflow_automation	-	Yes
Application	netapp	ontap_select_deploy	-	Yes
Application	netapp	service_processor	-	Yes
Application	netapp	smi-s_provider	-	Yes
Application	netapp	snapcenter_server	-	Yes
Application	netapp	snapdrive	-	Yes
Application	netapp	storagegrid	-	Yes
Application	netapp	storagegrid_webscale	-	Yes
Operating System	netapp	clustered_data_ontap	-	Yes
Operating System	paloaltonetworks	pan-os	≤ 6.1.17	Yes
Operating System	paloaltonetworks	pan-os	≤ 7.0.15	Yes
Operating System	paloaltonetworks	pan-os	≤ 7.1.10	Yes
Application	oracle	adaptive_access_manager	11.1.2.3.0	Yes
Application	oracle	application_testing_suite	13.3.0.1	Yes
Application	oracle	communications_analytics	12.1.1	Yes
Application	oracle	communications_ip_service_activator	7.3.4	Yes
Application	oracle	communications_ip_service_activator	7.4.0	Yes
Application	oracle	core_rdbms	11.2.0.4	Yes
Application	oracle	core_rdbms	12.1.0.2	Yes
Application	oracle	core_rdbms	12.2.0.1	Yes
Application	oracle	core_rdbms	18c	Yes
Application	oracle	core_rdbms	19c	Yes
Application	oracle	enterprise_manager_ops_center	12.3.3	Yes
Application	oracle	enterprise_manager_ops_center	12.4.0	Yes
Application	oracle	goldengate_application_adapters	12.3.2.1.0	Yes
Application	oracle	jd_edwards_enterpriseone_tools	9.2	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.56	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.58	Yes
Application	oracle	retail_predictive_application_server	15.0.3	Yes
Application	oracle	retail_predictive_application_server	16.0.3	Yes
Application	oracle	timesten_in-memory_database	< 18.1.4.1.0	Yes
Application	oracle	weblogic_server	10.3.6.0.0	Yes
Application	oracle	weblogic_server	12.1.3.0.0	Yes
Application	oracle	weblogic_server	12.2.1.3.0	Yes
Application	oracle	weblogic_server	12.2.1.4.0	Yes
Operating System	fujitsu	m10-1_firmware	< xcp2361	Yes
Operating System	fujitsu	m10-1_firmware	< xcp3070	Yes
Hardware	fujitsu	m10-1	-	No
Operating System	fujitsu	m10-4_firmware	< xcp2361	Yes
Operating System	fujitsu	m10-4_firmware	< xcp3070	Yes
Hardware	fujitsu	m10-4	-	No
Operating System	fujitsu	m10-4s_firmware	< xcp2361	Yes
Operating System	fujitsu	m10-4s_firmware	< xcp3070	Yes
Hardware	fujitsu	m10-4s	-	No
Operating System	fujitsu	m12-1_firmware	< xcp2361	Yes
Operating System	fujitsu	m12-1_firmware	< xcp3070	Yes
Hardware	fujitsu	m12-1	-	No
Operating System	fujitsu	m12-2_firmware	< xcp2361	Yes
Operating System	fujitsu	m12-2_firmware	< xcp3070	Yes
Hardware	fujitsu	m12-2	-	No
Operating System	fujitsu	m12-2s_firmware	< xcp2361	Yes
Operating System	fujitsu	m12-2s_firmware	< xcp3070	Yes
Hardware	fujitsu	m12-2s	-	No

References

http://rhn.redhat.com/errata/RHSA-2017-0286.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2017-0574.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2017-1415.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2017-1659.html Third Party Advisory ([email protected])
http://seclists.org/oss-sec/2016/q4/224 Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/93841 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037084 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:1413 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1414 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1658 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1801 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1802 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:2493 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:2494 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 Broken Link ([email protected])
https://security.360.cn/cve/CVE-2016-8610/ Third Party Advisory ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20171130-0001/ Third Party Advisory ([email protected])
https://security.paloaltonetworks.com/CVE-2016-8610 Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us Third Party Advisory ([email protected])
https://www.debian.org/security/2017/dsa-3773 Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2017-0286.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2017-0574.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2017-1415.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2017-1659.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2016/q4/224 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/93841 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037084 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1413 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1414 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1658 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1801 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1802 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2493 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2494 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://security.360.cn/cve/CVE-2016-8610/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20171130-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.paloaltonetworks.com/CVE-2016-8610 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-3773 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For openssl's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.