Exploit the possiblities
Showing 1 - 25 of 32 RSS Feed

CVE-2016-2183

Status Candidate

Overview

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Related Files

Red Hat Security Advisory 2017-3240-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3240-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-9788, CVE-2017-9798
MD5 | 3b29f86af233ff52d38e4b5b486e8852
Red Hat Security Advisory 2017-3239-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3239-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-9788, CVE-2017-9798
MD5 | d3308a53ac9894680ebba1c87d267299
Red Hat Security Advisory 2017-3113-01
Posted Nov 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3113-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-12615, CVE-2017-12617, CVE-2017-9788, CVE-2017-9798
MD5 | 46b21654d29e59ef7bb3a4df28200a02
Red Hat Security Advisory 2017-3114-01
Posted Nov 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3114-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-12615, CVE-2017-12617, CVE-2017-9788, CVE-2017-9798
MD5 | e79e19cccf6975c04bc6a5a7ee05526e
Red Hat Security Advisory 2017-2709-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2709-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-3185, CVE-2016-2183, CVE-2017-9788
MD5 | 4e1ae8dd74d4b0758bd4ba4bd757535c
Red Hat Security Advisory 2017-2710-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2710-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-3185, CVE-2016-2183, CVE-2017-9788
MD5 | c9ea641b7ae7cbf337c796e5bcc0a310
Red Hat Security Advisory 2017-2708-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2708-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-3185, CVE-2016-2183, CVE-2017-9788
MD5 | 67f96bc217c117647b65450e9cce78e6
HP Security Bulletin HPESBGN03765 2
Posted Aug 31, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03765 2 - A security vulnerability in the DES/3DES block ciphers used in the TLS protocol could potentially impact HPE LoadRunner and HPE Performance Center resulting in remote disclosure of information. This is also known as the SWEET32 attack. Revision 2 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | 4eba285b9fec68b131daf50a419b7b69
Ubuntu Security Notice USN-3372-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-7502
MD5 | ab98a35fa8ae3d8507d56b71d1998766
Gentoo Linux Security Advisory 201707-01
Posted Jul 5, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201707-1 - Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 3.4.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3260, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3512, CVE-2017-3514, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 18e9d7e09504f55fd47e16f596d46c11
IBM Informix Dynamic Server DLL Injection / Code Execution
Posted May 31, 2017
Site securiteam.com

IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.

tags | exploit, overflow, php, vulnerability
advisories | CVE-2016-2183, CVE-2017-1092
MD5 | acf1047cf6ec465e6ff49df652940fd6
Red Hat Security Advisory 2017-1216-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1216-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-2183, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3511, CVE-2016-3598, CVE-2016-5542, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259
MD5 | 1b1c3e015433b4147e439e0d3b85f20e
Ubuntu Security Notice USN-3270-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-5461
MD5 | c8e97563f6a755db5f133a0d95df860c
HP Security Bulletin HPESBUX03725 1
Posted Mar 30, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-2183, CVE-2016-8740, CVE-2016-8743
MD5 | 62093eab7a4c2c4b060ec05c72eca532
Red Hat Security Advisory 2017-0462-01
Posted Mar 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0462-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP1. Security Fix: This update fixes a vulnerability in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-2183
MD5 | 9dcd24d3c08c3a2fef92496aae5ff591
Red Hat Security Advisory 2017-0337-01
Posted Feb 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0337-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR10-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | cab2fd6f28e6bf7c16761ffdcc376749
Red Hat Security Advisory 2017-0338-01
Posted Feb 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0338-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP41. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272
MD5 | 6c7ae5ab650260ee4495fa1a93ba7708
Red Hat Security Advisory 2017-0336-01
Posted Feb 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0336-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | ca775df1e4839eb34f08fdcf06eada26
Ubuntu Security Notice USN-3198-1
Posted Feb 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3198-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272
MD5 | b629166e5e9a37a19d1f27394c0abf2a
HP Security Bulletin HPESBGN03697 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03697 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE Business Service Management 9.2x and Application Performance Management (APM) 9.30 resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | 0776d1fdb3879268af764d0682391bed
Ubuntu Security Notice USN-3194-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 0e20f36eb780736730028ff4372ad61d
Gentoo Linux Security Advisory 201701-65
Posted Jan 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-65 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code Versions less than 1.8.0.121 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289
MD5 | 02e023b883e373a3bf1d31ee813fd1ae
Ubuntu Security Notice USN-3179-1
Posted Jan 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3179-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 05bd35309151940a3d3bf97cb00f1258
HP Security Bulletin HPSBGN03690 1
Posted Jan 24, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03690 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE Real User Monitor (RUM) resulting in remote disclosure of information also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | aecda959659ee0021fb683ca20b38702
HP Security Bulletin HPSBGN03694 1
Posted Jan 13, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03694 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE SiteScope resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183, CVE-2016-6329
MD5 | 6ae4e6988408716f0d29122364176e71
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close