Think you have a false positive on this rule?

Sid 1-38060

Message

POLICY-OTHER SSLv2 Client Hello attempt

Summary

ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the getclientmasterkey and getclienthello functions.

Impact

CVSS base score 5.9 CVSS impact score 3.6 CVSS exploitability score 2.2 confidentialityImpact HIGH integrityImpact NONE availabilityImpact NONE

CVE-2015-3197:

CVSS base score 5.9

CVSS impact score 3.6

CVSS exploitability score 2.2

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

CVE-2016-0800:

CVSS base score 5.9

CVSS impact score 3.6

CVSS exploitability score 2.2

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2015-3197: ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the getclientmasterkey and getclienthello functions.

CVE-2016-0800: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Affected systems

  • openssl openssl 1.0.1
  • openssl openssl 1.0.1a
  • openssl openssl 1.0.1b
  • openssl openssl 1.0.1c
  • openssl openssl 1.0.1d
  • openssl openssl 1.0.1e
  • openssl openssl 1.0.1f
  • openssl openssl 1.0.1g
  • openssl openssl 1.0.1h
  • openssl openssl 1.0.1i
  • openssl openssl 1.0.1j
  • openssl openssl 1.0.1k
  • openssl openssl 1.0.1l
  • openssl openssl 1.0.1m
  • openssl openssl 1.0.1n
  • openssl openssl 1.0.1o
  • openssl openssl 1.0.1p
  • openssl openssl 1.0.1q
  • openssl openssl 1.0.2
  • openssl openssl 1.0.2a
  • openssl openssl 1.0.2b
  • openssl openssl 1.0.2c
  • openssl openssl 1.0.2d
  • openssl openssl 1.0.2e
  • oracle exalogic_infrastructure 1.0
  • oracle exalogic_infrastructure 2.0
  • oracle osssupporttools 8.11.16.3.8
  • oracle peoplesoftenterprisepeopletools 8.53
  • oracle peoplesoftenterprisepeopletools 8.54
  • oracle peoplesoftenterprisepeopletools 8.55
  • oracle tuxedo 12.1.1.0
  • oracle vm_virtualbox 5.0.16
  • openssl openssl 1.0.1r
  • openssl openssl 1.0.2f
  • pulsesecure client -
  • pulsesecure steelbeltedradius -

Ease of attack

CVE-2015-3197:

Access Vector

Access Complexity

Authentication

CVE-2016-0800:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References