7.5

CVE-2016-2183

Media report

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Data is provided by the National Vulnerability Database (NVD)
RedhatJboss Web Server Version3.0
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
PythonPython Version >= 2.7.0 < 2.7.13
PythonPython Version >= 3.4.0 < 3.4.7
PythonPython Version >= 3.5.0 < 3.5.3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.1t
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
OpenSSLOpenSSL Version1.0.2h
OracleDatabase Version11.2.0.4
OracleDatabase Version12.1.0.2
NodejsNode.Js Version >= 0.10.0 < 0.10.47
NodejsNode.Js Version >= 0.12.0 < 0.12.16
NodejsNode.Js SwEdition- Version >= 4.0.0 < 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.6.0
NodejsNode.Js SwEdition- Version >= 6.0.0 < 6.7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 40.02% 0.972
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Third Party Advisory
US Government Resource
http://seclists.org/fulldisclosure/2017/Jul/31
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2017/May/105
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/92630
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95568
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036696
Third Party Advisory
VDB Entry
https://access.redhat.com/articles/2548661
Third Party Advisory
Mitigation
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
Third Party Advisory
Technical Description
Press/Media Coverage
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
Third Party Advisory
Issue Tracking
https://seclists.org/bugtraq/2018/Nov/21
Third Party Advisory
Mailing List
https://sweet32.info/
Third Party Advisory
Technical Description
https://www.exploit-db.com/exploits/42091/
Third Party Advisory
VDB Entry
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
Third Party Advisory
Mitigation
Press/Media Coverage