CVE-2016-2183
HIGHCVSS 7.5/10EPSS 95.71%
Last modified
CVE-2016-2183 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.. EPSS estimates a 95.71% chance of exploitation in the next 30 days.
Description
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 6.0.0 |
| Redhat | Jboss Enterprise Web Server | 1.0.0 |
| Redhat | Jboss Enterprise Web Server | 2.0.0 |
| Redhat | Jboss Web Server | 3.0 |
| Redhat | Enterprise Linux | 5.0 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux | 7.0 |
| Python | Python | >= 2.7.0, < 2.7.13 |
| Python | Python | >= 3.4.0, < 3.4.7 |
| Python | Python | >= 3.5.0, < 3.5.3 |
| Cisco | Content Security Management Appliance | 9.6.6-068 |
| Cisco | Content Security Management Appliance | 9.7.0-006 |
| Openssl | Openssl | 1.0.1a |
| Openssl | Openssl | 1.0.1b |
| Openssl | Openssl | 1.0.1c |
| Openssl | Openssl | 1.0.1d |
| Openssl | Openssl | 1.0.1e |
| Openssl | Openssl | 1.0.1f |
| Openssl | Openssl | 1.0.1g |
| Openssl | Openssl | 1.0.1h |
| Openssl | Openssl | 1.0.1i |
| Openssl | Openssl | 1.0.1j |
| Openssl | Openssl | 1.0.1k |
| Openssl | Openssl | 1.0.1l |
| Openssl | Openssl | 1.0.1m |
| Openssl | Openssl | 1.0.1n |
| Openssl | Openssl | 1.0.1o |
| Openssl | Openssl | 1.0.1p |
| Openssl | Openssl | 1.0.1q |
| Openssl | Openssl | 1.0.1r |
| Openssl | Openssl | 1.0.1t |
| Openssl | Openssl | 1.0.2a |
| Openssl | Openssl | 1.0.2b |
| Openssl | Openssl | 1.0.2c |
| Openssl | Openssl | 1.0.2d |
| Openssl | Openssl | 1.0.2e |
| Openssl | Openssl | 1.0.2f |
| Openssl | Openssl | 1.0.2h |
| Oracle | Database | 11.2.0.4 |
| Oracle | Database | 12.1.0.2 |
| Nodejs | Node.Js | >= 0.10.0, < 0.10.47 |
| Nodejs | Node.Js | >= 0.12.0, < 0.12.16 |
| Nodejs | Node.Js | >= 4.0.0, < 4.1.2 |
| Nodejs | Node.Js | >= 4.2.0, < 4.6.0 |
| Nodejs | Node.Js | >= 6.0.0, < 6.7.0 |
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlMailing List, Third Party Advisory
- http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.htmlThird Party Advisory, VDB Entry
- http://rhn.redhat.com/errata/RHSA-2017-0336.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0337.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0338.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0462.htmlThird Party Advisory
- http://seclists.org/fulldisclosure/2017/Jul/31Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039Third Party Advisory
- http://www.debian.org/security/2016/dsa-3673Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/archive/1/539885/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/540341/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/541104/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/542005/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/92630Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/95568Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036696Third Party Advisory, VDB Entry
- http://www.splunk.com/view/SP-CAAAPSVThird Party Advisory
- http://www.splunk.com/view/SP-CAAAPUEThird Party Advisory
- http://www.ubuntu.com/usn/USN-3087-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3087-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-3179-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3194-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3198-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3270-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3372-1Third Party Advisory
- https://access.redhat.com/articles/2548661Mitigation, Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2708Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2709Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2710Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3113Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3114Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3239Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3240Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2123Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1245Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2859Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0451Third Party Advisory
- https://access.redhat.com/security/cve/cve-2016-2183Third Party Advisory
- https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/Press/Media Coverage, Technical Description, Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa133Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1369383Issue Tracking, Third Party Advisory
- https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633Third Party Advisory
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02Third Party Advisory, US Government Resource
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10186Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10197Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310Third Party Advisory
- https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/Press/Media Coverage, Technical Description, Third Party Advisory
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/Third Party Advisory
- https://seclists.org/bugtraq/2018/Nov/21Mailing List, Third Party Advisory
- https://security.gentoo.org/glsa/201612-16Third Party Advisory
- https://security.gentoo.org/glsa/201701-65Third Party Advisory
- https://security.gentoo.org/glsa/201707-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20160915-0001/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20170119-0001/Third Party Advisory
- https://support.f5.com/csp/article/K13167034Third Party Advisory
- https://sweet32.info/Technical Description, Third Party Advisory
- https://wiki.opendaylight.org/view/Security_AdvisoriesThird Party Advisory
- https://www.exploit-db.com/exploits/42091/Third Party Advisory, VDB Entry
- https://www.ietf.org/mail-archive/web/tls/current/msg04560.htmlMailing List, Third Party Advisory
- https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/Press/Media Coverage, Technical Description, Third Party Advisory
- https://www.openssl.org/blog/blog/2016/08/24/sweet32/Mitigation, Press/Media Coverage, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
- https://www.sigsac.org/ccs/CCS2016/accepted-papers/Third Party Advisory
- https://www.tenable.com/security/tns-2016-16Third Party Advisory
- https://www.tenable.com/security/tns-2016-20Third Party Advisory
- https://www.tenable.com/security/tns-2016-21Third Party Advisory
- https://www.tenable.com/security/tns-2017-09Third Party Advisory
- https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issueThird Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlMailing List, Third Party Advisory
- http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.htmlThird Party Advisory, VDB Entry
- http://rhn.redhat.com/errata/RHSA-2017-0336.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0337.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0338.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0462.htmlThird Party Advisory
- http://seclists.org/fulldisclosure/2017/Jul/31Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2017/May/105Mailing List, Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039Third Party Advisory
- http://www.debian.org/security/2016/dsa-3673Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/archive/1/539885/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/540341/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/541104/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/542005/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/92630Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/95568Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036696Third Party Advisory, VDB Entry
- http://www.splunk.com/view/SP-CAAAPSVThird Party Advisory
- http://www.splunk.com/view/SP-CAAAPUEThird Party Advisory
- http://www.ubuntu.com/usn/USN-3087-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3087-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-3179-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3194-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3198-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3270-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3372-1Third Party Advisory
- https://access.redhat.com/articles/2548661Mitigation, Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2708Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2709Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2710Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3113Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3114Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3239Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3240Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2123Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1245Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2859Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0451Third Party Advisory
- https://access.redhat.com/security/cve/cve-2016-2183Third Party Advisory
- https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/Press/Media Coverage, Technical Description, Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa133Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1369383Issue Tracking, Third Party Advisory
- https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633Third Party Advisory
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02Third Party Advisory, US Government Resource
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10186Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10197Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310Third Party Advisory
- https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/Press/Media Coverage, Technical Description, Third Party Advisory
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/Third Party Advisory
- https://seclists.org/bugtraq/2018/Nov/21Mailing List, Third Party Advisory
- https://security.gentoo.org/glsa/201612-16Third Party Advisory
- https://security.gentoo.org/glsa/201701-65Third Party Advisory
- https://security.gentoo.org/glsa/201707-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20160915-0001/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20170119-0001/Third Party Advisory
- https://support.f5.com/csp/article/K13167034Third Party Advisory
- https://sweet32.info/Technical Description, Third Party Advisory
- https://wiki.opendaylight.org/view/Security_AdvisoriesThird Party Advisory
- https://www.exploit-db.com/exploits/42091/Third Party Advisory, VDB Entry
- https://www.ietf.org/mail-archive/web/tls/current/msg04560.htmlMailing List, Third Party Advisory
- https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/Press/Media Coverage, Technical Description, Third Party Advisory
- https://www.openssl.org/blog/blog/2016/08/24/sweet32/Mitigation, Press/Media Coverage, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
- https://www.sigsac.org/ccs/CCS2016/accepted-papers/Third Party Advisory
- https://www.tenable.com/security/tns-2016-16Third Party Advisory
- https://www.tenable.com/security/tns-2016-20Third Party Advisory
- https://www.tenable.com/security/tns-2016-21Third Party Advisory
- https://www.tenable.com/security/tns-2017-09Third Party Advisory
- https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issueThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2183?
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
How severe is CVE-2016-2183?
CVE-2016-2183 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 95.71% probability of exploitation in the next 30 days.
How do I fix CVE-2016-2183?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-2183?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST