Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-2107 PoC — OpenSSL AES-NI实现安全漏洞

Source
https://github.com/FiloSottile/CVE-2016-2107
Associated Vulnerability
Title:OpenSSL AES-NI实现安全漏洞 (CVE-2016-2107)
Description:The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Description
Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)
Readme
# CVE-2016-2107
Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)

## Installation

```
$ go version
go version go1.6.2 darwin/amd64
$ go get github.com/FiloSottile/CVE-2016-2107
```

This tool only builds with Go 1.6+, and only when downloaded to the right position in the $GOPATH.

## Usage

```
$ CVE-2016-2107 filippo.io
2016/05/03 17:50:49 Vulnerable: false
```
File Snapshot

 [4.0K]  /data/pocs/8014148aa664097855086b2aa6f650ab71252650
├── [1.1K]  LICENSE
├── [4.0K]  LuckyMinus20
│   ├── [1.3K]  CVE-2016-2107.go
│   ├── [ 805]  tls.patch
│   └── [4.0K]  vendor
│       └── [4.0K]  crypto
│           └── [4.0K]  tls
│               ├── [2.6K]  alert.go
│               ├── [ 10K]  cipher_suites.go
│               ├── [ 22K]  common.go
│               ├── [ 30K]  conn.go
│               ├── [ 18K]  handshake_client.go
│               ├── [ 31K]  handshake_messages.go
│               ├── [ 21K]  handshake_server.go
│               ├── [ 12K]  key_agreement.go
│               ├── [1.4K]  LICENSE
│               ├── [ 11K]  prf.go
│               ├── [4.7K]  ticket.go
│               └── [9.4K]  tls.go
├── [ 248]  main.go
├── [ 385]  README.md
└── [4.0K]  server
    └── [1.0K]  main.go

5 directories, 18 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →