exploit the possibilities
Showing 1 - 25 of 36 RSS Feed

CVE-2016-2183

Status Candidate

Overview

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Related Files

Red Hat Security Advisory 2019-1245-01
Posted May 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1245-01 - An update is now available for Red Hat Quay 3. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-2183
MD5 | d70711a336122bab7afba8b0234e106b
Micro Focus Security Bulletin MFSBGN03831
Posted Nov 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03831 - A potential vulnerability has been identified in Micro Focus Service Management Automation. The vulnerability could be exploited to remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-2183
MD5 | 7546cad91c54d47e4d584dda45cd2cfe
Red Hat Security Advisory 2018-2123-01
Posted Jul 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2123-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-2183
MD5 | bbaaaf50fafda3cb30530deaac90bbd0
Micro Focus Security Bulletin MFSBGN03805 1
Posted May 10, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03805 1 - A potential security vulnerability has been identified in Service Manager. This vulnerability may allow an exploit against a long-duration encrypted session known as the Sweet32 attack, and which may be exploited remotely. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-2183, CVE-2016-6329
MD5 | f8343940eadac27e71f49882b72b5615
Red Hat Security Advisory 2017-3240-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3240-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-9788, CVE-2017-9798
MD5 | 3b29f86af233ff52d38e4b5b486e8852
Red Hat Security Advisory 2017-3239-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3239-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-9788, CVE-2017-9798
MD5 | d3308a53ac9894680ebba1c87d267299
Red Hat Security Advisory 2017-3113-01
Posted Nov 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3113-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-12615, CVE-2017-12617, CVE-2017-9788, CVE-2017-9798
MD5 | 46b21654d29e59ef7bb3a4df28200a02
Red Hat Security Advisory 2017-3114-01
Posted Nov 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3114-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2017-12615, CVE-2017-12617, CVE-2017-9788, CVE-2017-9798
MD5 | e79e19cccf6975c04bc6a5a7ee05526e
Red Hat Security Advisory 2017-2709-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2709-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-3185, CVE-2016-2183, CVE-2017-9788
MD5 | 4e1ae8dd74d4b0758bd4ba4bd757535c
Red Hat Security Advisory 2017-2710-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2710-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-3185, CVE-2016-2183, CVE-2017-9788
MD5 | c9ea641b7ae7cbf337c796e5bcc0a310
Red Hat Security Advisory 2017-2708-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2708-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-3185, CVE-2016-2183, CVE-2017-9788
MD5 | 67f96bc217c117647b65450e9cce78e6
HPE Security Bulletin HPESBGN03765 2
Posted Aug 31, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03765 2 - A security vulnerability in the DES/3DES block ciphers used in the TLS protocol could potentially impact HPE LoadRunner and HPE Performance Center resulting in remote disclosure of information. This is also known as the SWEET32 attack. Revision 2 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | 4eba285b9fec68b131daf50a419b7b69
Ubuntu Security Notice USN-3372-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-7502
MD5 | ab98a35fa8ae3d8507d56b71d1998766
Gentoo Linux Security Advisory 201707-01
Posted Jul 5, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201707-1 - Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 3.4.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3260, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3512, CVE-2017-3514, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 18e9d7e09504f55fd47e16f596d46c11
IBM Informix Dynamic Server DLL Injection / Code Execution
Posted May 31, 2017
Site securiteam.com

IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.

tags | exploit, overflow, php, vulnerability
advisories | CVE-2016-2183, CVE-2017-1092
MD5 | acf1047cf6ec465e6ff49df652940fd6
Red Hat Security Advisory 2017-1216-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1216-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-2183, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3511, CVE-2016-3598, CVE-2016-5542, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259
MD5 | 1b1c3e015433b4147e439e0d3b85f20e
Ubuntu Security Notice USN-3270-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-5461
MD5 | c8e97563f6a755db5f133a0d95df860c
HPE Security Bulletin HPESBUX03725 1
Posted Mar 30, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-2183, CVE-2016-8740, CVE-2016-8743
MD5 | 62093eab7a4c2c4b060ec05c72eca532
Red Hat Security Advisory 2017-0462-01
Posted Mar 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0462-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP1. Security Fix: This update fixes a vulnerability in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-2183
MD5 | 9dcd24d3c08c3a2fef92496aae5ff591
Red Hat Security Advisory 2017-0337-01
Posted Feb 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0337-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR10-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | cab2fd6f28e6bf7c16761ffdcc376749
Red Hat Security Advisory 2017-0338-01
Posted Feb 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0338-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP41. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272
MD5 | 6c7ae5ab650260ee4495fa1a93ba7708
Red Hat Security Advisory 2017-0336-01
Posted Feb 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0336-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | ca775df1e4839eb34f08fdcf06eada26
Ubuntu Security Notice USN-3198-1
Posted Feb 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3198-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272
MD5 | b629166e5e9a37a19d1f27394c0abf2a
HPE Security Bulletin HPESBGN03697 1
Posted Feb 15, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03697 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE Business Service Management 9.2x and Application Performance Management (APM) 9.30 resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | 0776d1fdb3879268af764d0682391bed
Ubuntu Security Notice USN-3194-1
Posted Feb 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 0e20f36eb780736730028ff4372ad61d
Page 1 of 2
Back12Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close