ID

VAR-201609-0597


CVE

CVE-2016-2183


TITLE

Plaintext data acquisition vulnerability in the DES and Triple DES ciphers used in products such as the TLS protocol

Trust: 0.8

sources: JVNDB: JVNDB-2016-004511

DESCRIPTION

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. This vulnerability is called the "Sweet32" attack. A third party could retrieve plaintext data through a birthday attack on a long encrypted session. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. This vulnerability stems from configuration errors in network systems or products during operation.

Solution: For OpenShift Container Platform 4.5 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.

5) - i386, ppc, s390x, x86_64 3.

==========================================================================
Ubuntu Security Notice USN-3179-1
January 25, 2017

openjdk-8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks.
This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183)

It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546)

It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished Encoding Rules (DER) records, as used in X.509 certificates and elsewhere. An attacker could use this to cause a denial of service (memory consumption). (CVE-2016-5547)

It was discovered that covert timing channel vulnerabilities existed in the DSA and ECDSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548, CVE-2016-5549)

It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552)

It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231)

It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241)

It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252)

It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption).
(CVE-2017-3253)

It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261)

It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272)

It was discovered that a vulnerability existed in the class construction implementation in OpenJDK. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3289)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
  openjdk-8-jdk 8u121-b13-0ubuntu1.16.10.2
  openjdk-8-jdk-headless 8u121-b13-0ubuntu1.16.10.2
  openjdk-8-jre 8u121-b13-0ubuntu1.16.10.2
  openjdk-8-jre-headless 8u121-b13-0ubuntu1.16.10.2
  openjdk-8-jre-jamvm 8u121-b13-0ubuntu1.16.10.2
  openjdk-8-jre-zero 8u121-b13-0ubuntu1.16.10.2

Ubuntu 16.04 LTS:
  openjdk-8-jdk 8u121-b13-0ubuntu1.16.04.2
  openjdk-8-jdk-headless 8u121-b13-0ubuntu1.16.04.2
  openjdk-8-jre 8u121-b13-0ubuntu1.16.04.2
  openjdk-8-jre-headless 8u121-b13-0ubuntu1.16.04.2
  openjdk-8-jre-jamvm 8u121-b13-0ubuntu1.16.04.2
  openjdk-8-jre-zero 8u121-b13-0ubuntu1.16.04.2

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.1-ibm security update
Advisory ID: RHSA-2017:0336-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0336.html
Issue date: 2017-02-28
CVE Names: CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in
6u141, 7u131, and 8u121 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.i686.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Client Supplementary (v. 
7): x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.ppc.rpm java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.ppc.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.ppc.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.ppc64.rpm ppc64le: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.ppc64le.rpm s390x: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.s390.rpm java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.s390.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.s390x.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm 
java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.1-1jpp.2.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.1-1jpp.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2016-5546 https://access.redhat.com/security/cve/CVE-2016-5547 https://access.redhat.com/security/cve/CVE-2016-5548 https://access.redhat.com/security/cve/CVE-2016-5549 https://access.redhat.com/security/cve/CVE-2016-5552 https://access.redhat.com/security/cve/CVE-2017-3231 https://access.redhat.com/security/cve/CVE-2017-3241 https://access.redhat.com/security/cve/CVE-2017-3252 https://access.redhat.com/security/cve/CVE-2017-3253 https://access.redhat.com/security/cve/CVE-2017-3259 https://access.redhat.com/security/cve/CVE-2017-3261 https://access.redhat.com/security/cve/CVE-2017-3272 https://access.redhat.com/security/cve/CVE-2017-3289 https://access.redhat.com/security/updates/classification/#critical https://developer.ibm.com/javasdk/support/security-vulnerabilities/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc.

The References section of this erratum contains a download link (you must log in to download the update). Red Hat Quay is a secure, private container registry that builds, analyzes and distributes container images. It provides a high level of automation and customization. (CVE-2016-2183) Bug Fix(es): * Running Quay in config mode now works in a disconnected option which doesn't require pulling resources from the Internet. * Quay's security scan endpoint is now enabled at startup for viewing results of Clair container image scans. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. This release of JBoss Enterprise Application Platform 6.4.18 Natives serves as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.
Security Fix(es):

* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)

Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.

Bug Fix(es):

* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)

* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)

* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)

4. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.
Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
1508880 - Unable to load large CRL openssl problem
1508884 - mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq
1508885 - SegFault due to corrupt nodestatsmem

6. (CVE-2016-2183) 4.

Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

6

Trust: 2.52

sources: NVD: CVE-2016-2183 // JVNDB: JVNDB-2016-004511 // VULHUB: VHN-91002 // PACKETSTORM: 159431 // PACKETSTORM: 141354 // PACKETSTORM: 140977 // PACKETSTORM: 140718 // PACKETSTORM: 141352 // PACKETSTORM: 145017 // PACKETSTORM: 152978 // PACKETSTORM: 145018 // PACKETSTORM: 141555

AFFECTED PRODUCTS

vendor: redhat | model: enterprise linux | scope: eq | version: 7.0

Trust: 1.0

vendor: python | model: python | scope: gte | version: 2.7.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1p

Trust: 1.0

vendor: redhat | model: enterprise linux | scope: eq | version: 6.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1f

Trust: 1.0

vendor: cisco | model: content security management appliance | scope: eq | version: 9.7.0-006

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 6.0.0

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 0.10.0

Trust: 1.0

vendor: redhat | model: jboss web server | scope: eq | version: 3.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1l

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1d

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1c

Trust: 1.0

vendor: python | model: python | scope: lt | version: 3.4.7

Trust: 1.0

vendor: redhat | model: enterprise linux | scope: eq | version: 5.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2d

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1g

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2b

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2c

Trust: 1.0

vendor: python | model: python | scope: lt | version: 2.7.13

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1q

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 0.10.47

Trust: 1.0

vendor: oracle | model: database | scope: eq | version: 11.2.0.4

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1t

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2e

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 4.1.2

Trust: 1.0

vendor: cisco | model: content security management appliance | scope: eq | version: 9.6.6-068

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 4.0.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1b

Trust: 1.0

vendor: redhat | model: jboss enterprise application platform | scope: eq | version: 6.0.0

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 0.12.16

Trust: 1.0

vendor: python | model: python | scope: gte | version: 3.4.0

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 0.12.0

Trust: 1.0

vendor: python | model: python | scope: gte | version: 3.5.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2h

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1h

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 4.6.0

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 4.2.0

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 6.7.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1j

Trust: 1.0

vendor: oracle | model: database | scope: eq | version: 12.1.0.2

Trust: 1.0

vendor: redhat | model: jboss enterprise web server | scope: eq | version: 2.0.0

Trust: 1.0

vendor: python | model: python | scope: lt | version: 3.5.3

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1o

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1e

Trust: 1.0

vendor: redhat | model: jboss enterprise web server | scope: eq | version: 1.0.0

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1a

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2f

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1i

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1r

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1k

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1n

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.2a

Trust: 1.0

vendor: openssl | model: openssl | scope: eq | version: 1.0.1m

Trust: 1.0

vendor: NEC | model: webotx application server | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco content security management appliance | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus service architect | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus developer standard | scope: - | version: -

Trust: 0.8

vendor: NEC | model: enterpriseidentitymanager | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: jp1/it desktop management | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: hitachi application server for developers | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: red hat jboss web server | scope: - | version: -

Trust: 0.8

vendor: NEC | model: ix2000 series | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus service platform | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus application server standard | scope: - | version: -

Trust: 0.8

vendor: NEC | model: esmpro/serveragentservice | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: red hat enterprise linux | scope: - | version: -

Trust: 0.8

vendor: NEC | model: ix3000 series | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: cosminexus http server | scope: - | version: -

Trust: 0.8

vendor: NEC | model: enterprisedirectoryserver | scope: - | version: -

Trust: 0.8

vendor: python | model: python | scope: - | version: -

Trust: 0.8

vendor: NEC | model: ix1000 series | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: hitachi infrastructure analytics advisor | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: job management partner 1/it desktop management | scope: - | version: -

Trust: 0.8

vendor: NEC | model: express5800 | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus application server smart edition | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco asyncos | scope: - | version: -

Trust: 0.8

vendor: NEC | model: webotx portal | scope: - | version: -

Trust: 0.8

vendor: NEC | model: secureware/pki application development kit | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus application server | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus developer light | scope: - | version: -

Trust: 0.8

vendor: openssl | model: openssl | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus application server enterprise | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: hitachi application server | scope: - | version: -

Trust: 0.8

vendor: NEC | model: webotx enterprise service bus | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus primary server | scope: - | version: -

Trust: 0.8

vendor: NEC | model: esmpro/serveragent | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: jboss enterprise web server | scope: - | version: -

Trust: 0.8

vendor: NEC | model: capssuite | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: hitachi web server | scope: - | version: -

Trust: 0.8

vendor: Hitachi | model: ucosminexus developer | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: jboss enterprise application platform | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2016-004511 // NVD: CVE-2016-2183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2183
value: HIGH

Trust: 1.0

NVD: CVE-2016-2183
value: MEDIUM

Trust: 0.8

VULHUB: VHN-91002
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2183
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91002
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2183
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-2183
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-91002 // JVNDB: JVNDB-2016-004511 // NVD: CVE-2016-2183

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:information leak (CWE-200) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-91002 // JVNDB: JVNDB-2016-004511 // NVD: CVE-2016-2183

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 140977 // PACKETSTORM: 140718

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-91002

PATCH

title: hitachi-sec-2017-119 | url: http://www-01.ibm.com/support/docview.wss?uid=swg21991482

Trust: 0.8

sources: JVNDB: JVNDB-2016-004511

EXTERNAL IDS

db: NVD | id: CVE-2016-2183

Trust: 3.6

db: ICS CERT | id: ICSMA-18-058-02

Trust: 1.9

db: PACKETSTORM | id: 142756

Trust: 1.1

db: SECTRACK | id: 1036696

Trust: 1.1

db: PULSESECURE | id: SA40312

Trust: 1.1

db: BID | id: 92630

Trust: 1.1

db: BID | id: 95568

Trust: 1.1

db: TENABLE | id: TNS-2017-09

Trust: 1.1

db: TENABLE | id: TNS-2016-21

Trust: 1.1

db: TENABLE | id: TNS-2016-20

Trust: 1.1

db: TENABLE | id: TNS-2016-16

Trust: 1.1

db: MCAFEE | id: SB10197

Trust: 1.1

db: MCAFEE | id: SB10310

Trust: 1.1

db: MCAFEE | id: SB10186

Trust: 1.1

db: MCAFEE | id: SB10215

Trust: 1.1

db: MCAFEE | id: SB10171

Trust: 1.1

db: SIEMENS | id: SSA-412672

Trust: 1.1

db: JUNIPER | id: JSA10759

Trust: 1.1

db: EXPLOIT-DB | id: 42091

Trust: 1.1

db: ICS CERT | id: ICSA-22-160-01

Trust: 0.8

db: ICS CERT | id: ICSA-21-075-02

Trust: 0.8

db: JVN | id: JVNVU91550327

Trust: 0.8

db: JVN | id: JVNVU98667810

Trust: 0.8

db: JVN | id: JVNVU95298925

Trust: 0.8

db: JVNDB | id: JVNDB-2016-004511

Trust: 0.8

db: PACKETSTORM | id: 141352

Trust: 0.2

db: PACKETSTORM | id: 140718

Trust: 0.2

db: PACKETSTORM | id: 141354

Trust: 0.2

db: PACKETSTORM | id: 141555

Trust: 0.2

db: PACKETSTORM | id: 145017

Trust: 0.2

db: PACKETSTORM | id: 152978

Trust: 0.2

db: PACKETSTORM | id: 140977

Trust: 0.2

db: PACKETSTORM | id: 145018

Trust: 0.2

db: PACKETSTORM | id: 159431

Trust: 0.2

db: PACKETSTORM | id: 161320

Trust: 0.1

db: PACKETSTORM | id: 148410

Trust: 0.1

db: PACKETSTORM | id: 140708

Trust: 0.1

db: PACKETSTORM | id: 143970

Trust: 0.1

db: PACKETSTORM | id: 150303

Trust: 0.1

db: PACKETSTORM | id: 143244

Trust: 0.1

db: PACKETSTORM | id: 141100

Trust: 0.1

db: PACKETSTORM | id: 140473

Trust: 0.1

db: PACKETSTORM | id: 141111

Trust: 0.1

db: PACKETSTORM | id: 144865

Trust: 0.1

db: PACKETSTORM | id: 143549

Trust: 0.1

db: PACKETSTORM | id: 140725

Trust: 0.1

db: PACKETSTORM | id: 144869

Trust: 0.1

db: PACKETSTORM | id: 142340

Trust: 0.1

db: PACKETSTORM | id: 156451

Trust: 0.1

db: PACKETSTORM | id: 140084

Trust: 0.1

db: PACKETSTORM | id: 147581

Trust: 0.1

db: PACKETSTORM | id: 154650

Trust: 0.1

db: PACKETSTORM | id: 141353

Trust: 0.1

db: CNNVD | id: CNNVD-201608-448

Trust: 0.1

db: VULHUB | id: VHN-91002

Trust: 0.1

sources: VULHUB: VHN-91002 // PACKETSTORM: 159431 // PACKETSTORM: 141354 // PACKETSTORM: 140977 // PACKETSTORM: 140718 // PACKETSTORM: 141352 // PACKETSTORM: 145017 // PACKETSTORM: 152978 // PACKETSTORM: 145018 // PACKETSTORM: 141555 // JVNDB: JVNDB-2016-004511 // NVD: CVE-2016-2183

REFERENCES

url:https://sweet32.info/

Trust: 1.9

url:https://access.redhat.com/security/cve/cve-2016-2183

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2017-0336.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2017-0337.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2017-0462.html

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:3239

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:3240

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:1245

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-3179-1

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-3194-1

Trust: 1.2

url:https://access.redhat.com/articles/2548661

Trust: 1.2

url:http://www.securitytracker.com/id/1036696

Trust: 1.1

url:http://www.securityfocus.com/archive/1/539885/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/540341/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded

Trust: 1.1

url:http://seclists.org/fulldisclosure/2017/may/105

Trust: 1.1

url:http://seclists.org/fulldisclosure/2017/jul/31

Trust: 1.1

url:http://www.securityfocus.com/archive/1/541104/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/542005/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded

Trust: 1.1

url:https://seclists.org/bugtraq/2018/nov/21

Trust: 1.1

url:https://www.exploit-db.com/exploits/42091/

Trust: 1.1

url:http://www.securityfocus.com/bid/92630

Trust: 1.1

url:http://www.securityfocus.com/bid/95568

Trust: 1.1

url:http://www.debian.org/security/2016/dsa-3673

Trust: 1.1

url:https://security.gentoo.org/glsa/201612-16

Trust: 1.1

url:https://security.gentoo.org/glsa/201701-65

Trust: 1.1

url:https://security.gentoo.org/glsa/201707-01

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2017-0338.html

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:1216

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:2708

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:2709

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:2710

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3113

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3114

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2018:2123

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2019:2859

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2020:0451

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-3087-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-3087-2

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-3198-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-3270-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-3372-1

Trust: 1.1

url:https://www.ietf.org/mail-archive/web/tls/current/msg04560.html

Trust: 1.1

url:http://packetstormsecurity.com/files/142756/ibm-informix-dynamic-server-dll-injection-code-execution.html

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1021697

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21991482

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21995039

Trust: 1.1

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

Trust: 1.1

url:http://www.splunk.com/view/sp-caaapsv

Trust: 1.1

url:http://www.splunk.com/view/sp-caaapue

Trust: 1.1

url:https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/

Trust: 1.1

url:https://bto.bluecoat.com/security-advisory/sa133

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1369383

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.1

url:https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05309984

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05323116

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05349499

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369403

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369415

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390849

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsma-18-058-02

Trust: 1.1

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312

Trust: 1.1

url:https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/

Trust: 1.1

url:https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20160915-0001/

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20170119-0001/

Trust: 1.1

url:https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03158613

Trust: 1.1

url:https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03286178

Trust: 1.1

url:https://support.f5.com/csp/article/k13167034

Trust: 1.1

url:https://wiki.opendaylight.org/view/security_advisories

Trust: 1.1

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

Trust: 1.1

url:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Trust: 1.1

url:https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/

Trust: 1.1

url:https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.1

url:https://www.sigsac.org/ccs/ccs2016/accepted-papers/

Trust: 1.1

url:https://www.tenable.com/security/tns-2016-16

Trust: 1.1

url:https://www.tenable.com/security/tns-2016-20

Trust: 1.1

url:https://www.tenable.com/security/tns-2016-21

Trust: 1.1

url:https://www.tenable.com/security/tns-2017-09

Trust: 1.1

url:https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Trust: 1.1

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05390722

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10186

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05302448

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbgn03765en_us

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10197

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10310

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05385680

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10171

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03725en_us

Trust: 1.0

url:https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05369415

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05390849

Trust: 1.0

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05369403

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10215

Trust: 1.0

url:https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability

Trust: 1.0

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10759

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2016-2183

Trust: 0.9

url:http://jvn.jp/vu/jvnvu98667810/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91550327/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95298925/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2183

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsma-18-058-02

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-075-02

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01

Trust: 0.8

url:http://www.bizmobile.co.jp/news_02.php?id=4069&nc=1

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-3253

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-3289

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5546

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-3261

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5547

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-3241

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-3231

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5552

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-3252

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-3272

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5548

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5549

Trust: 0.3

url:https://developer.ibm.com/javasdk/support/security-vulnerabilities/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-3231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3259

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5548

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5549

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3253

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3252

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5547

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3259

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5552

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3272

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3241

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5546

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3261

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3289

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-9798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-9798

Trust: 0.2

url:https://access.redhat.com/articles/3229231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-9788

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-9788

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2020:3842

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/updating/updating-cluster

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-7/7u121-2.6.8-1ubuntu0.14.04.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-8/8u121-b13-0ubuntu1.16.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-8/8u121-b13-0ubuntu1.16.10.2

Trust: 0.1

url:https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/

Trust: 0.1

sources: VULHUB: VHN-91002 // PACKETSTORM: 159431 // PACKETSTORM: 141354 // PACKETSTORM: 140977 // PACKETSTORM: 140718 // PACKETSTORM: 141352 // PACKETSTORM: 145017 // PACKETSTORM: 152978 // PACKETSTORM: 145018 // PACKETSTORM: 141555 // JVNDB: JVNDB-2016-004511 // NVD: CVE-2016-2183

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 159431 // PACKETSTORM: 141354 // PACKETSTORM: 141352 // PACKETSTORM: 145017 // PACKETSTORM: 152978 // PACKETSTORM: 145018 // PACKETSTORM: 141555

SOURCES

db:VULHUB id:VHN-91002
db:PACKETSTORM id:159431
db:PACKETSTORM id:141354
db:PACKETSTORM id:140977
db:PACKETSTORM id:140718
db:PACKETSTORM id:141352
db:PACKETSTORM id:145017
db:PACKETSTORM id:152978
db:PACKETSTORM id:145018
db:PACKETSTORM id:141555
db:JVNDB id:JVNDB-2016-004511
db:NVD id:CVE-2016-2183

LAST UPDATE DATE

2025-07-13T22:44:13.305000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-91002 date:2023-02-12T00:00:00
db:JVNDB id:JVNDB-2016-004511 date:2022-06-13T05:39:00
db:NVD id:CVE-2016-2183 date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUB id:VHN-91002 date:2016-09-01T00:00:00
db:PACKETSTORM id:159431 date:2020-10-01T14:47:21
db:PACKETSTORM id:141354 date:2017-02-28T14:19:17
db:PACKETSTORM id:140977 date:2017-02-08T19:22:00
db:PACKETSTORM id:140718 date:2017-01-25T21:53:38
db:PACKETSTORM id:141352 date:2017-02-28T14:19:01
db:PACKETSTORM id:145017 date:2017-11-17T00:10:36
db:PACKETSTORM id:152978 date:2019-05-20T16:39:06
db:PACKETSTORM id:145018 date:2017-11-17T00:10:45
db:PACKETSTORM id:141555 date:2017-03-09T17:02:00
db:JVNDB id:JVNDB-2016-004511 date:2016-09-02T00:00:00
db:NVD id:CVE-2016-2183 date:2016-09-01T00:59:00.137