7.5

CVE-2016-2183

Medienbericht
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatJboss Web Server Version3.0
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
PythonPython Version >= 2.7.0 < 2.7.13
PythonPython Version >= 3.4.0 < 3.4.7
PythonPython Version >= 3.5.0 < 3.5.3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.1t
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
OpenSSLOpenSSL Version1.0.2h
OracleDatabase Version11.2.0.4
OracleDatabase Version12.1.0.2
NodejsNode.Js Version >= 0.10.0 < 0.10.47
NodejsNode.Js Version >= 0.12.0 < 0.12.16
NodejsNode.Js SwEdition- Version >= 4.0.0 < 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.6.0
NodejsNode.Js SwEdition- Version >= 6.0.0 < 6.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 95.71% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Third Party Advisory
US Government Resource
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory
https://www.tenable.com/security/tns-2016-20
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
Third Party Advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2708
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2709
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2710
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1216
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Third Party Advisory
https://security.gentoo.org/glsa/201612-16
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2017/Jul/31
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3673
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPSV
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUE
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-2
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Third Party Advisory
https://www.tenable.com/security/tns-2016-16
Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
Third Party Advisory
Mailing List
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2017-0336.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0337.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0338.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0462.html
Third Party Advisory
http://seclists.org/fulldisclosure/2017/May/105
Third Party Advisory
Mailing List
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
Third Party Advisory
http://www.securityfocus.com/archive/1/539885/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/540341/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/541104/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/542005/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/92630
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95568
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036696
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3179-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3194-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3198-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3270-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3372-1
Third Party Advisory
https://access.redhat.com/articles/2548661
Third Party Advisory
Mitigation
https://access.redhat.com/errata/RHSA-2017:3113
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3239
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3240
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2123
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1245
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2859
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0451
Third Party Advisory
https://access.redhat.com/security/cve/cve-2016-2183
Third Party Advisory
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
Third Party Advisory
Technical Description
Press/Media Coverage
https://bto.bluecoat.com/security-advisory/sa133
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
Third Party Advisory
Issue Tracking
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10186
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10197
Third Party Advisory
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
Third Party Advisory
Technical Description
Press/Media Coverage
https://seclists.org/bugtraq/2018/Nov/21
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201701-65
Third Party Advisory
https://security.gentoo.org/glsa/201707-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20160915-0001/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20170119-0001/
Third Party Advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
Third Party Advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
Third Party Advisory
https://support.f5.com/csp/article/K13167034
Third Party Advisory
https://sweet32.info/
Third Party Advisory
Technical Description
https://wiki.opendaylight.org/view/Security_Advisories
Third Party Advisory
https://www.exploit-db.com/exploits/42091/
Third Party Advisory
VDB Entry
https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
Third Party Advisory
Mailing List
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
Third Party Advisory
Technical Description
Press/Media Coverage
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
Third Party Advisory
Mitigation
Press/Media Coverage
https://www.sigsac.org/ccs/CCS2016/accepted-papers/
Third Party Advisory
https://www.tenable.com/security/tns-2017-09
Third Party Advisory
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability