Lucene search

K
cveRedhatCVE-2016-2183
HistorySep 01, 2016 - 12:59 a.m.

CVE-2016-2183

2016-09-0100:59:00
CWE-200
redhat
web.nvd.nist.gov
1057
In Wild
7
24
cve-2016-2183
des
triple des
ciphers
tls
ssh
ipsec
protocols
sweet32
vulnerability
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

77.1%

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.

Affected configurations

Nvd
Node
redhatjboss_enterprise_application_platformMatch6.0.0
OR
redhatjboss_enterprise_web_serverMatch1.0.0
OR
redhatjboss_enterprise_web_serverMatch2.0.0
OR
redhatjboss_web_serverMatch3.0
OR
redhatenterprise_linuxMatch5.0
OR
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
Node
pythonpythonRange2.7.02.7.13
OR
pythonpythonRange3.4.03.4.7
OR
pythonpythonRange3.5.03.5.3
Node
ciscocontent_security_management_applianceMatch9.6.6-068
OR
ciscocontent_security_management_applianceMatch9.7.0-006
Node
opensslopensslMatch1.0.1a
OR
opensslopensslMatch1.0.1b
OR
opensslopensslMatch1.0.1c
OR
opensslopensslMatch1.0.1d
OR
opensslopensslMatch1.0.1e
OR
opensslopensslMatch1.0.1f
OR
opensslopensslMatch1.0.1g
OR
opensslopensslMatch1.0.1h
OR
opensslopensslMatch1.0.1i
OR
opensslopensslMatch1.0.1j
OR
opensslopensslMatch1.0.1k
OR
opensslopensslMatch1.0.1l
OR
opensslopensslMatch1.0.1m
OR
opensslopensslMatch1.0.1n
OR
opensslopensslMatch1.0.1o
OR
opensslopensslMatch1.0.1p
OR
opensslopensslMatch1.0.1q
OR
opensslopensslMatch1.0.1r
OR
opensslopensslMatch1.0.1t
OR
opensslopensslMatch1.0.2a
OR
opensslopensslMatch1.0.2b
OR
opensslopensslMatch1.0.2c
OR
opensslopensslMatch1.0.2d
OR
opensslopensslMatch1.0.2e
OR
opensslopensslMatch1.0.2f
OR
opensslopensslMatch1.0.2h
Node
oracledatabaseMatch11.2.0.4
OR
oracledatabaseMatch12.1.0.2
Node
nodejsnode.jsRange0.10.00.10.47
OR
nodejsnode.jsRange0.12.00.12.16
OR
nodejsnode.jsRange4.0.04.1.2-
OR
nodejsnode.jsRange4.2.04.6.0lts
OR
nodejsnode.jsRange6.0.06.7.0-
VendorProductVersionCPE
redhatjboss_enterprise_application_platform6.0.0cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
redhatjboss_enterprise_web_server1.0.0cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*
redhatjboss_enterprise_web_server2.0.0cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
redhatjboss_web_server3.0cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*
redhatenterprise_linux5.0cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.6.6-068cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068:*:*:*:*:*:*:*
ciscocontent_security_management_appliance9.7.0-006cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006:*:*:*:*:*:*:*
Rows per page:
1-10 of 411

References

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

77.1%