PT-2016-7520 · Oracle+10 · Oracle Peoplesoft Enterprise Peopletools+44
Published: 2016-10-24 · Updated: 2025-09-29 · CVE-2016-8610
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0
debian linux (affected versions not specified)
fujitsu m10-1 firmware (affected versions not specified)
fujitsu m10-4 firmware (affected versions not specified)
fujitsu m10-4s firmware (affected versions not specified)
fujitsu m12-1 firmware (affected versions not specified)
fujitsu m12-2 firmware (affected versions not specified)
fujitsu m12-2s firmware (affected versions not specified)
netapp clustered data ontap (affected versions not specified)
netapp clustered data ontap antivirus connector (affected versions not specified)
netapp cn1610 firmware (affected versions not specified)
netapp data ontap (affected versions not specified)
netapp data ontap edge (affected versions not specified)
netapp e-series santricity os controller (affected versions not specified)
netapp host agent (affected versions not specified)
netapp oncommand balance (affected versions not specified)
netapp oncommand unified manager (affected versions not specified)
netapp oncommand workflow automation (affected versions not specified)
netapp ontap select deploy (affected versions not specified)
netapp service processor (affected versions not specified)
netapp smi-s provider (affected versions not specified)
netapp snapcenter server (affected versions not specified)
netapp snapdrive (affected versions not specified)
netapp storagegrid (affected versions not specified)
netapp storagegrid webscale (affected versions not specified)
oracle adaptive access manager (affected versions not specified)
oracle application testing suite (affected versions not specified)
oracle communications analytics (affected versions not specified)
oracle communications ip service activator (affected versions not specified)
oracle core rdbms (affected versions not specified)
oracle enterprise manager ops center (affected versions not specified)
oracle goldengate application adapters (affected versions not specified)
oracle jd edwards enterpriseone tools (affected versions not specified)
oracle peoplesoft enterprise peopletools (affected versions not specified)
oracle retail predictive application server (affected versions not specified)
oracle timesten in-memory database (affected versions not specified)
oracle weblogic server (affected versions not specified)
paloaltonetworks pan-os (affected versions not specified)
redhat enterprise linux desktop (affected versions not specified)
redhat enterprise linux server (affected versions not specified)
redhat enterprise linux server aus (affected versions not specified)
redhat enterprise linux server eus (affected versions not specified)
redhat enterprise linux server tus (affected versions not specified)
redhat enterprise linux workstation (affected versions not specified)
redhat jboss enterprise application platform (affected versions not specified)
Description
A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Recommendations
For OpenSSL versions 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, update to a version that is not affected by this issue.
For other affected products, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Resource Exhaustion
Affected products
Centos
Debian
Freebsd
Fujitsu M10-1
Fujitsu M10-4
Fujitsu M12-1
Fujitsu M12-2
Netapp Cn1610
Netapp Clustered Data Ontap
Netapp Clustered Data Ontap Antivirus Connector
Netapp Data Ontap
Netapp Data Ontap Edge
Netapp E-Series Santricity Os Controller
Netapp Host Agent
Netapp Oncommand Balance
Netapp Oncommand Unified Manager
Netapp Oncommand Workflow Automation
Netapp Ontap Select Deploy
Netapp Smi-S Provider
Netapp Service Processor
Netapp Snapcenter Server
Netapp Snapdrive
Netapp Storagegrid
Netapp Storagegrid Webscale
Openssl
Oracle Adaptive Access Manager
Oracle Application Testing Suite
Oracle Communications Analytics
Oracle Communications Ip Service Activator
Oracle Core Rdbms
Oracle Enterprise Manager Ops Center
Oracle Goldengate Application Adapters
Oracle Jd Edwards Enterpriseone Tools
Oracle Peoplesoft Enterprise Peopletools
Oracle Retail Predictive Application Server
Oracle Timesten In-Memory Database
Oracle Weblogic Server
Palo Alto Networks Pan-Os
Red Hat
Red Hat Enterprise Linux Desktop
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Workstation
Red Hat Jboss Enterprise Application Platform
Suse
Ubuntu