I just discovered that this site is still vulnerable from CVE-2016-2107. According to CVE(Common Vulnerabilities and Exposers), this vulnerability allows remote attackers to obtain sensitive clear text information via a padding-oracle attack against an AES CBC session. This vulnerability exists because of an incorrect fix for CVE-2013-0169.
To fix this problem, I performed the following in order to upgrade the installed packages (most specially the OpenSSL packages) in my Ubuntu server:
$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo reboot
Unfortunately, this involves downtime because I need do a reboot in order to apply the necessary changes.
I discovered this vulnerability by using the Qualys SSL Labs to evaluate my site’s certificate and configuration. If you want a handy tool designed specifically to check CVE-2016-2107 vulnerability, you can check this one by Filippo Valsorda.
One comment on “Preventing your Ubuntu servers from CVE-2016-2107”
I pay a visit daily a few websites and information sites to
read articles or reviews, except this website offers feature
based writing.