OpenSSL CVE-2016-2107 Grading Update

by
Robert Dell'Immagine
from on (#1DDQY)

We are releasing an update to the grading criteria, version 2009m, to respond to the discovery of the OpenSSL vulnerability CVE-2016-2107 announced in the OpenSSL Security Advisory [3rd May 2016]. This vulnerability can be exploited by MITM attacker using a padding Oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI.

We are giving advance notification for the grading criteria changes. Currently, if the server is found to be vulnerable to this attack, grades are capped at C. Grades will be capped at F from June 6, 2016.

ssllabs-cve-2016-2107-openssl-warning.jp

External Content
Source RSS or Atom Feed
Feed Location https://community.qualys.com/blogs/securitylabs/feeds/tags/ssl
Feed Title
Feed Link https://community.qualys.com/
Reply 0 comments