CVE-2016-2183
published 2016-09-01CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Affected
61 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | content_security_management_appliance | — | — |
| cisco | content_security_management_appliance | — | — |
| github.com | kyverno_kyverno | >= 0 < 1.9.5 | 1.9.5 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.14.04.1 | 2:3.28.4-0ubuntu0.14.04.1 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.16.04.1 | 2:3.28.4-0ubuntu0.16.04.1 |
| nodejs | node.js | >= 0.10.0 < 0.10.47 | 0.10.47 |
| nodejs | node.js | >= 0.12.0 < 0.12.16 | 0.12.16 |
| nodejs | node.js | >= 4.0.0 < 4.1.2 | 4.1.2 |
| nodejs | node.js | >= 4.2.0 < 4.6.0 | 4.6.0 |
| nodejs | node.js | >= 6.0.0 < 6.7.0 | 6.7.0 |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa7.5HIGH
osv9.8CRITICAL