CVE-2016-0701

LOW Year: 2016
CVSS v3 Score
3.7
Low
CVSS v2 Score
2.6
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Related Vulnerabilities

CVE-2014-4876

LOW
CVSS:3.7(Low)

Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted r...

CWE-2002014

CVE-2015-4989

LOW
CVSS:3.7(Low)

The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0...

CWE-2002015

CVE-2015-6858

LOW
CVSS:3.7(Low)

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

CWE-2002015

CVE-2015-7420

LOW
CVSS:3.7(Low)

Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.

CWE-2002015

CVE-2015-7421

LOW
CVSS:3.7(Low)

Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.

CWE-2002015

CVE-2015-7886

LOW
CVSS:3.7(Low)

NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.

CWE-2002015