CVE-2016-8610 - CVE Vulnerability

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVSS:0.0) (Last Update:2017-11-13)

Vulnerability Details : A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Publish Date : 2017-11-13 Last Update Date : 2017-11-13 - CVSS Scores & Vulnerability Types CVSS Score 0.0 Confidentiality Impact ??? Integrity Impact ??? Availability Impact ??? Access Complexity ??? Authentication ??? Gained Access None Vulnerability Type(s) Denial Of Service CWE ID CWE id is not defined for this vulnerability - Related OVAL Definitions Title Definition Id Class Family RHSA-2017:0286: openssl security update (Moderate) oval:com.redhat.rhsa:def:20170286 unix RHSA-2017:0574: gnutls security, bug fix, and enhancement update (Moderate) oval:com.redhat.rhsa:def:20170574 unix OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability. - Products Affected By CVE-2016-8610 # Product Type Vendor Product Version Update Edition Language No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. - References For CVE-2016-8610 http://seclists.org/oss-sec/2016/q4/224 MLIST [oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401 CONFIRM

- Metasploit Modules Related To CVE-2016-8610 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)