Lucene search

[email protected]CVE-2016-2183

HistorySep 01, 2016 - 12:59 a.m.

CVE-2016-2183

2016-09-0100:59:00

CWE-200

[email protected]

web.nvd.nist.gov

958

In Wild

cve-2016-2183

des

triple des

ciphers

tls

ssh

ipsec

protocols

sweet32

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.2%

JSON

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq7.0
redhat:enterprise_linuxredhat enterprise linuxeq6.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.0.0
redhat:jboss_enterprise_web_serverredhat jboss enterprise web servereq2.0.0
redhat:enterprise_linuxredhat enterprise linuxeq5.0
redhat:jboss_enterprise_web_serverredhat jboss enterprise web servereq1.0.0
redhat:jboss_web_serverredhat jboss web servereq3.0
python:pythonpythonlt3.4.7
python:pythonpythonlt3.5.3
python:pythonpythonlt2.7.13

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	7.0
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.0.0
redhat:jboss_enterprise_web_server	redhat jboss enterprise web server	eq	2.0.0
redhat:enterprise_linux	redhat enterprise linux	eq	5.0
redhat:jboss_enterprise_web_server	redhat jboss enterprise web server	eq	1.0.0
redhat:jboss_web_server	redhat jboss web server	eq	3.0
python:python	python	lt	3.4.7
python:python	python	lt	3.5.3
python:python	python	lt	2.7.13

Rows per page:

1-10 of 451

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html

lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html

lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html

lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html

lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html

lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html

rhn.redhat.com/errata/RHSA-2017-0336.html

rhn.redhat.com/errata/RHSA-2017-0337.html

rhn.redhat.com/errata/RHSA-2017-0338.html

rhn.redhat.com/errata/RHSA-2017-0462.html

seclists.org/fulldisclosure/2017/Jul/31

seclists.org/fulldisclosure/2017/May/105

www-01.ibm.com/support/docview.wss?uid=nas8N1021697

www-01.ibm.com/support/docview.wss?uid=swg21991482

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/archive/1/539885/100/0/threaded

www.securityfocus.com/archive/1/540341/100/0/threaded

www.securityfocus.com/archive/1/541104/100/0/threaded

www.securityfocus.com/archive/1/542005/100/0/threaded

www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded

www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded

www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded

www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded

www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded

www.securityfocus.com/bid/92630

www.securityfocus.com/bid/95568

www.securitytracker.com/id/1036696

www.splunk.com/view/SP-CAAAPSV

www.splunk.com/view/SP-CAAAPUE

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

www.ubuntu.com/usn/USN-3179-1

www.ubuntu.com/usn/USN-3194-1

www.ubuntu.com/usn/USN-3198-1

www.ubuntu.com/usn/USN-3270-1

www.ubuntu.com/usn/USN-3372-1

access.redhat.com/articles/2548661

access.redhat.com/errata/RHSA-2017:1216

access.redhat.com/errata/RHSA-2017:2708

access.redhat.com/errata/RHSA-2017:2709

access.redhat.com/errata/RHSA-2017:2710

access.redhat.com/errata/RHSA-2017:3113

access.redhat.com/errata/RHSA-2017:3114

access.redhat.com/errata/RHSA-2017:3239

access.redhat.com/errata/RHSA-2017:3240

access.redhat.com/errata/RHSA-2018:2123

access.redhat.com/errata/RHSA-2019:1245

access.redhat.com/errata/RHSA-2019:2859

access.redhat.com/errata/RHSA-2020:0451

access.redhat.com/security/cve/cve-2016-2183

blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/

bto.bluecoat.com/security-advisory/sa133

bugzilla.redhat.com/show_bug.cgi?id=1369383

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849

ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10171

kc.mcafee.com/corporate/index?page=content&id=SB10186

kc.mcafee.com/corporate/index?page=content&id=SB10197

kc.mcafee.com/corporate/index?page=content&id=SB10215

kc.mcafee.com/corporate/index?page=content&id=SB10310

nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/

nodejs.org/en/blog/vulnerability/september-2016-security-releases/

seclists.org/bugtraq/2018/Nov/21

security.gentoo.org/glsa/201612-16

security.gentoo.org/glsa/201701-65

security.gentoo.org/glsa/201707-01

security.netapp.com/advisory/ntap-20160915-0001/

security.netapp.com/advisory/ntap-20170119-0001/

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178

support.f5.com/csp/article/K13167034

sweet32.info/

wiki.opendaylight.org/view/Security_Advisories

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.exploit-db.com/exploits/42091/

www.ietf.org/mail-archive/web/tls/current/msg04560.html

www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/

www.openssl.org/blog/blog/2016/08/24/sweet32/

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.sigsac.org/ccs/CCS2016/accepted-papers/

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21

www.tenable.com/security/tns-2017-09

www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.2%

JSON

CVE-2016-2183

References

Social References

Related