{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"OpenSSL Vulnerabilities"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2016-0030","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-07-16T00:32:48.532Z","generator":{"date":"2026-07-16T00:32:48.532Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"PAN-SA-2016-0030","initial_release_date":"2016-10-18T18:35:00.000Z","revision_history":[{"number":"1","date":"2026-07-15T17:32:48.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.0.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-444"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=6.0.15","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-445"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.1.11","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-461"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=6.1.12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-452"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2016-0703","product_status":{"fixed":["PANW-PAN-OS-445","PANW-PAN-OS-452"],"known_affected":["PANW-PAN-OS-444","PANW-PAN-OS-461"]},"notes":[{"category":"description","text":"The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800."}],"references":[{"category":"external","summary":"NVD - CVE-2016-0703","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0703"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0030","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0030"}],"threats":[{"category":"impact","description":"The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800."}]},{"cve":"CVE-2016-0704","product_status":{"fixed":["PANW-PAN-OS-445","PANW-PAN-OS-452"],"known_affected":["PANW-PAN-OS-444","PANW-PAN-OS-461"]},"notes":[{"category":"description","text":"An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800."}],"references":[{"category":"external","summary":"NVD - CVE-2016-0704","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0704"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0030","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0030"}],"threats":[{"category":"impact","description":"An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800."}]},{"cve":"CVE-2016-0800","product_status":{"fixed":["PANW-PAN-OS-445","PANW-PAN-OS-452"],"known_affected":["PANW-PAN-OS-444","PANW-PAN-OS-461"]},"notes":[{"category":"description","text":"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack."}],"references":[{"category":"external","summary":"NVD - CVE-2016-0800","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0800"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0030","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0030"}],"threats":[{"category":"impact","description":"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack."}]}]}