The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a DROWN attack.
Find out more about CVE-2016-0800 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Product Name | Status | Defect | Fixed | Downloads |
---|---|---|---|---|
Linux | ||||
Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
Wind River Linux 8 | Fixed |
LIN8-2885 |
8.0.0.3 | -- |
Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
Wind River Linux 7 | Fixed | -- | 7.0.0.14 | -- |
Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
Wind River Linux 6 | Fixed | -- | 6.0.0.29 | -- |
Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
VxWorks | ||||
VxWorks 7 | Fixed |
V7SEC-202 |
openSSL-1.0.7.0 | -- |
VxWorks 6.9 | Fixed |
VXW6-85377 |
6.9.4.8 |
Wind River VxWorks 20160301 Security Alert for openssl VxWorks 6.9 source patch for Defect VXW6-85377 Service Pack 8 for VxWorks 6.9.4 and VxWorks Edition 6.9.4 Platforms |
Helix Virtualization Platform Cert Edition | ||||
Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
Product Name | Status | Defect | Fixed | Downloads |
---|