CVE-2016-0270

{"id": "CVE-2016-0270", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-02-08T16:59:00.133", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/96062", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1037795", "source": "psirt@us.ibm.com"}, {"url": "https://github.com/nonce-disrespect/nonce-disrespect", "tags": ["Third Party Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://support.citrix.com/article/CTX220329", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979604", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979669", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979673", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/96062", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037795", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nonce-disrespect/nonce-disrespect", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.citrix.com/article/CTX220329", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."}, {"lang": "es", "value": "IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versi\u00f3n 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generaci\u00f3n aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticaci\u00f3n y suplantar datos aprovechando la reutilizaci\u00f3n de un nonce en una sesi\u00f3n y un \"ataque prohibido\". NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilizaci\u00f3n de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix."}], "lastModified": "2024-11-21T02:41:23.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8173749-67C8-46D1-8505-200ADF7A70D2"}, {"criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"}, {"criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065"}, {"criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173"}, {"criteria": "cpe:2.3:a:ibm:notes:9.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C10DAB-5579-4273-9B5E-58199A978DD6"}, {"criteria": "cpe:2.3:a:ibm:notes:9.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFAB1EE7-3835-4AD6-8F13-01C1CB62F98D"}, {"criteria": "cpe:2.3:a:ibm:notes:9.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320A0EC3-D4DC-4CEC-B71A-47658A8C17AC"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}