This document provides a list of all Exalogic Elastic Cloud Software (EECS) releases affected by CVE-2016-0800, a.k.a the DROWN Vulnerability, along with instructions on how to remediate the vulnerabilities on Compute Nodes and Guest vServers.
Overview of CVE-2016-0800:
A padding Oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.