CVE - CVE-2016-2183

CVE-ID
CVE-2016-2183	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1036696 URL:http://www.securitytracker.com/id/1036696 MISC:20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/539885/100/0/threaded MISC:20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded MISC:20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded MISC:20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities URL:http://www.securityfocus.com/archive/1/540341/100/0/threaded MISC:20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities URL:http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded MISC:20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities URL:http://seclists.org/fulldisclosure/2017/May/105 MISC:20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities URL:http://seclists.org/fulldisclosure/2017/Jul/31 MISC:20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/541104/100/0/threaded MISC:20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded MISC:20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/542005/100/0/threaded MISC:20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information URL:http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded MISC:20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information URL:https://seclists.org/bugtraq/2018/Nov/21 MISC:42091 URL:https://www.exploit-db.com/exploits/42091/ MISC:92630 URL:http://www.securityfocus.com/bid/92630 MISC:95568 URL:http://www.securityfocus.com/bid/95568 MISC:DSA-3673 URL:http://www.debian.org/security/2016/dsa-3673 MISC:GLSA-201612-16 URL:https://security.gentoo.org/glsa/201612-16 MISC:GLSA-201701-65 URL:https://security.gentoo.org/glsa/201701-65 MISC:GLSA-201707-01 URL:https://security.gentoo.org/glsa/201707-01 MISC:RHSA-2017:0336 URL:http://rhn.redhat.com/errata/RHSA-2017-0336.html MISC:RHSA-2017:0337 URL:http://rhn.redhat.com/errata/RHSA-2017-0337.html MISC:RHSA-2017:0338 URL:http://rhn.redhat.com/errata/RHSA-2017-0338.html MISC:RHSA-2017:0462 URL:http://rhn.redhat.com/errata/RHSA-2017-0462.html MISC:RHSA-2017:1216 URL:https://access.redhat.com/errata/RHSA-2017:1216 MISC:RHSA-2017:2708 URL:https://access.redhat.com/errata/RHSA-2017:2708 MISC:RHSA-2017:2709 URL:https://access.redhat.com/errata/RHSA-2017:2709 MISC:RHSA-2017:2710 URL:https://access.redhat.com/errata/RHSA-2017:2710 MISC:RHSA-2017:3113 URL:https://access.redhat.com/errata/RHSA-2017:3113 MISC:RHSA-2017:3114 URL:https://access.redhat.com/errata/RHSA-2017:3114 MISC:RHSA-2017:3239 URL:https://access.redhat.com/errata/RHSA-2017:3239 MISC:RHSA-2017:3240 URL:https://access.redhat.com/errata/RHSA-2017:3240 MISC:RHSA-2018:2123 URL:https://access.redhat.com/errata/RHSA-2018:2123 MISC:RHSA-2019:1245 URL:https://access.redhat.com/errata/RHSA-2019:1245 MISC:RHSA-2019:2859 URL:https://access.redhat.com/errata/RHSA-2019:2859 MISC:RHSA-2020:0451 URL:https://access.redhat.com/errata/RHSA-2020:0451 MISC:SUSE-SU-2016:2387 URL:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html MISC:SUSE-SU-2016:2394 URL:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html MISC:SUSE-SU-2016:2458 URL:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html MISC:SUSE-SU-2016:2468 URL:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html MISC:SUSE-SU-2016:2469 URL:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html MISC:SUSE-SU-2016:2470 URL:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html MISC:SUSE-SU-2017:0346 URL:http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html MISC:SUSE-SU-2017:0460 URL:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html MISC:SUSE-SU-2017:0490 URL:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html MISC:SUSE-SU-2017:1444 URL:http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html MISC:SUSE-SU-2017:2699 URL:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html MISC:SUSE-SU-2017:2700 URL:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html MISC:USN-3087-1 URL:http://www.ubuntu.com/usn/USN-3087-1 MISC:USN-3087-2 URL:http://www.ubuntu.com/usn/USN-3087-2 MISC:USN-3179-1 URL:http://www.ubuntu.com/usn/USN-3179-1 MISC:USN-3194-1 URL:http://www.ubuntu.com/usn/USN-3194-1 MISC:USN-3198-1 URL:http://www.ubuntu.com/usn/USN-3198-1 MISC:USN-3270-1 URL:http://www.ubuntu.com/usn/USN-3270-1 MISC:USN-3372-1 URL:http://www.ubuntu.com/usn/USN-3372-1 MISC:[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections URL:https://www.ietf.org/mail-archive/web/tls/current/msg04560.html MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 MISC:http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html URL:http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html MISC:http://seclists.org/fulldisclosure/2017/May/105 URL:http://seclists.org/fulldisclosure/2017/May/105 MISC:http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 URL:http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21991482 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21991482 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21995039 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21995039 MISC:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en URL:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html URL:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html MISC:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html URL:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html URL:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html URL:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html URL:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html MISC:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html URL:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html MISC:http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html URL:http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html MISC:http://www.splunk.com/view/SP-CAAAPSV URL:http://www.splunk.com/view/SP-CAAAPSV MISC:http://www.splunk.com/view/SP-CAAAPUE URL:http://www.splunk.com/view/SP-CAAAPUE MISC:https://access.redhat.com/articles/2548661 URL:https://access.redhat.com/articles/2548661 MISC:https://access.redhat.com/security/cve/cve-2016-2183 URL:https://access.redhat.com/security/cve/cve-2016-2183 MISC:https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/ URL:https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/ MISC:https://bto.bluecoat.com/security-advisory/sa133 URL:https://bto.bluecoat.com/security-advisory/sa133 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1369383 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1369383 MISC:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf URL:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf MISC:https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633 URL:https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849 URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849 MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us MISC:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us URL:https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849 MISC:https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 URL:https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 MISC:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 URL:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10171 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10171 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10186 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10186 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10197 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10197 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10215 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10215 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10310 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10310 MISC:https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/ URL:https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/ MISC:https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ URL:https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ MISC:https://security.netapp.com/advisory/ntap-20160915-0001/ URL:https://security.netapp.com/advisory/ntap-20160915-0001/ MISC:https://security.netapp.com/advisory/ntap-20170119-0001/ URL:https://security.netapp.com/advisory/ntap-20170119-0001/ MISC:https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613 URL:https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613 MISC:https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178 URL:https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178 MISC:https://support.f5.com/csp/article/K13167034 URL:https://support.f5.com/csp/article/K13167034 MISC:https://sweet32.info/ URL:https://sweet32.info/ MISC:https://wiki.opendaylight.org/view/Security_Advisories URL:https://wiki.opendaylight.org/view/Security_Advisories MISC:https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 URL:https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 MISC:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 URL:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 MISC:https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/ URL:https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/ MISC:https://www.openssl.org/blog/blog/2016/08/24/sweet32/ URL:https://www.openssl.org/blog/blog/2016/08/24/sweet32/ MISC:https://www.oracle.com/security-alerts/cpuapr2020.html URL:https://www.oracle.com/security-alerts/cpuapr2020.html MISC:https://www.oracle.com/security-alerts/cpujan2020.html URL:https://www.oracle.com/security-alerts/cpujan2020.html MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MISC:https://www.oracle.com/security-alerts/cpuoct2020.html URL:https://www.oracle.com/security-alerts/cpuoct2020.html MISC:https://www.oracle.com/security-alerts/cpuoct2021.html URL:https://www.oracle.com/security-alerts/cpuoct2021.html MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html MISC:https://www.sigsac.org/ccs/CCS2016/accepted-papers/ URL:https://www.sigsac.org/ccs/CCS2016/accepted-papers/ MISC:https://www.tenable.com/security/tns-2016-16 URL:https://www.tenable.com/security/tns-2016-16 MISC:https://www.tenable.com/security/tns-2016-20 URL:https://www.tenable.com/security/tns-2016-20 MISC:https://www.tenable.com/security/tns-2016-21 URL:https://www.tenable.com/security/tns-2016-21 MISC:https://www.tenable.com/security/tns-2017-09 URL:https://www.tenable.com/security/tns-2017-09 MISC:https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue URL:https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue MISC:openSUSE-SU-2016:2391 URL:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html MISC:openSUSE-SU-2016:2407 URL:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html MISC:openSUSE-SU-2016:2496 URL:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html MISC:openSUSE-SU-2016:2537 URL:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html MISC:openSUSE-SU-2017:0374 URL:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html MISC:openSUSE-SU-2017:0513 URL:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html MISC:openSUSE-SU-2018:0458 URL:http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20160129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)