CVE-2016-2183

HIGH

Red Hat JBoss Enterprise Application Platform - Information Disclosure

Title source: rule

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Exploits (2)

nomisec WORKING POC
by ZakyHermawan · poc
https://github.com/ZakyHermawan/Simple-Sweet32

exploitdb WORKING POC VERIFIED
by SecuriTeam · text, webapps, windows
https://www.exploit-db.com/exploits/42091

Scores

CVSS v3 7.5
EPSS 0.4002
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-200
Status draft

Affected Products (41)

redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_web_server
redhat/jboss_enterprise_web_server
redhat/jboss_web_server
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux
python/python < 2.7.13
cisco/content_security_management_appliance
cisco/content_security_management_appliance
openssl/openssl
openssl/openssl
openssl/openssl
openssl/openssl
openssl/openssl
... and 26 more

Timeline

Published Sep 01, 2016
Tracked Since Feb 18, 2026