ID:408 - Exploit for Traffic decryption in Apple Inc. products - CVE-2016-2107
Published: March 18, 2020
Vulnerability identifier: #VU639
Vulnerability risk: High
CVE-ID: CVE-2016-2107
CWE-ID: CWE-284
Exploitation vector: Remote access
Vulnerable software:
OpenSSL
Oracle Solaris
Oracle Access Manager
Oracle Exalogic Infrastructure
Enterprise Manager Base Platform
Oracle Agile Engineering Data Management
PeopleSoft Enterprise PeopleTools
Oracle Communications Unified Session Manager
Oracle VM VirtualBox
Oracle Secure Global Desktop
Oracle Business Intelligence Enterprise Edition
Oracle Enterprise Manager Ops Center
Oracle E-Business Suite
Oracle Transportation Management
Oracle Commerce Guided Search
Oracle Enterprise Session Border Controller
Oracle Life Sciences Data Hub
Primavera P6 Professional Project Management
Oracle Linux
macOS
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to decrypt traffic on the target system.
The weakness is due to an access control error. If the connection uses an AES CBC cipher and the server supports AES-NI, attackers can perform a padding oracle attack.
Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.
Remediation
Update 1.0.1 to 1.0.1t.
Update 1.0.2 to 1.0.2h.