CVE-2016-2183

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2016-2183
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2016-09-01 00:59:00 UTC
Updated2023-02-12 23:17:00 UTC
DescriptionThe DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Cisco Content Security Management Appliance 9.6.6-068 All All All
Application Cisco Content Security Management Appliance 9.7.0-006 All All All
Application Cisco Content Security Management Appliance 9.6.6-068 All All All
Application Cisco Content Security Management Appliance 9.7.0-006 All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl 1.0.1h All All All
Application Openssl Openssl 1.0.1i All All All
Application Openssl Openssl 1.0.1j All All All
Application Openssl Openssl 1.0.1k All All All
Application Openssl Openssl 1.0.1l All All All
Application Openssl Openssl 1.0.1m All All All
Application Openssl Openssl 1.0.1n All All All
Application Openssl Openssl 1.0.1o All All All
Application Openssl Openssl 1.0.1p All All All
Application Openssl Openssl 1.0.1q All All All
Application Openssl Openssl 1.0.1r All All All
Application Openssl Openssl 1.0.1t All All All
Application Openssl Openssl 1.0.2a All All All
Application Openssl Openssl 1.0.2b All All All
Application Openssl Openssl 1.0.2c All All All
Application Openssl Openssl 1.0.2d All All All
Application Openssl Openssl 1.0.2e All All All
Application Openssl Openssl 1.0.2f All All All
Application Openssl Openssl 1.0.2h All All All
Application Openssl Openssl 1.0.1a All All All
Application Openssl Openssl 1.0.1b All All All
Application Openssl Openssl 1.0.1c All All All
Application Openssl Openssl 1.0.1d All All All
Application Openssl Openssl 1.0.1e All All All
Application Openssl Openssl 1.0.1f All All All
Application Openssl Openssl 1.0.1g All All All
Application Openssl Openssl 1.0.1h All All All
Application Openssl Openssl 1.0.1i All All All
Application Openssl Openssl 1.0.1j All All All
Application Openssl Openssl 1.0.1k All All All
Application Openssl Openssl 1.0.1l All All All
Application Openssl Openssl 1.0.1m All All All
Application Openssl Openssl 1.0.1n All All All
Application Openssl Openssl 1.0.1o All All All
Application Openssl Openssl 1.0.1p All All All
Application Openssl Openssl 1.0.1q All All All
Application Openssl Openssl 1.0.1r All All All
Application Openssl Openssl 1.0.1t All All All
Application Openssl Openssl 1.0.2a All All All
Application Openssl Openssl 1.0.2b All All All
Application Openssl Openssl 1.0.2c All All All
Application Openssl Openssl 1.0.2d All All All
Application Openssl Openssl 1.0.2e All All All
Application Openssl Openssl 1.0.2f All All All
Application Openssl Openssl 1.0.2h All All All
Application Oracle Database 11.2.0.4 All All All
Application Oracle Database 12.1.0.2 All All All
Application Oracle Database 11.2.0.4 All All All
Application Oracle Database 12.1.0.2 All All All
Application Python Python All All All All
Application Python Python 3.3 All All All
Application Python Python 3.4.0 All All All
Application Python Python 3.5.0 All All All
Application Python Python 3.6.0 All All All
Application Python Python 3.3 All All All
Application Python Python 3.4.0 All All All
Application Python Python 3.5.0 All All All
Application Python Python 3.6.0 All All All
Operating System Redhat Enterprise Linux 5.0 All All All
Operating System Redhat Enterprise Linux 6.0 All All All
Operating System Redhat Enterprise Linux 7.0 All All All
Operating System Redhat Enterprise Linux 5.0 All All All
Operating System Redhat Enterprise Linux 6.0 All All All
Operating System Redhat Enterprise Linux 7.0 All All All
Application Redhat Jboss Enterprise Application Platform 6.0.0 All All All
Application Redhat Jboss Enterprise Application Platform 6.0.0 All All All
Application Redhat Jboss Enterprise Web Server 1.0.0 All All All
Application Redhat Jboss Enterprise Web Server 2.0.0 All All All
Application Redhat Jboss Enterprise Web Server 1.0.0 All All All
Application Redhat Jboss Enterprise Web Server 2.0.0 All All All
Application Redhat Jboss Web Server 3.0 All All All
Application Redhat Jboss Web Server 3.0 All All All

References

ReferenceSourceLinkTags
[security-announce] openSUSE-SU-2016:2537-1: important: Security update for compat-openssl098 - openSUSE Security Announce - openSUSE Mailing Lists SUSE lists.opensuse.org
Bugtraq BUGTRAQ www.securityfocus.com
Bugtraq BUGTRAQ www.securityfocus.com
Red Hat Customer Portal MISC access.redhat.com
[security-announce] SUSE-SU-2016:2394-1: important: Security update for SUSE lists.opensuse.org
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
OpenSSL 3DES Cipher Block Collision Weakness Lets Remote Users Decrypt Data in Certain Cases - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Bugtraq BUGTRAQ www.securityfocus.com
Security updates for all active release lines, September 2016 | Node.js CONFIRM nodejs.org Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
Bugtraq BUGTRAQ www.securityfocus.com
MySupport - Micro Focus Software Support CONFIRM softwaresupport.softwaregrp.com
Bugtraq BUGTRAQ www.securityfocus.com
[security-announce] SUSE-SU-2016:2458-1: important: Security update for SUSE lists.opensuse.org
USN-3194-1: OpenJDK 7 vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
[security-announce] SUSE-SU-2017:0346-1: important: Security update for SUSE lists.opensuse.org
[security-announce] SUSE-SU-2016:2468-1: important: Security update for SUSE lists.opensuse.org
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow - Windows webapps Exploit EXPLOIT-DB www.exploit-db.com
[TLS] RC4+3DES rekeying - long-lived TLS connections MLIST www.ietf.org Mailing List, Third Party Advisory
Oracle Critical Patch Update Advisory - July 2020 MISC www.oracle.com
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
Red Hat Customer Portal REDHAT access.redhat.com
Bugtraq BUGTRAQ www.securityfocus.com
Bug 1369383 – CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) CONFIRM bugzilla.redhat.com Issue Tracking, Third Party Advisory
IBM Security Bulletin: OpenSSL and OpenVPN vulnerabilities affect IBM Rational Team Concert (CVE-2016-2183, CVE-2016-6329) - United States CONFIRM www-01.ibm.com Third Party Advisory
Oracle Critical Patch Update - January 2018 CONFIRM www.oracle.com Patch, Third Party Advisory
New Practical Attacks on 64-bit Block Ciphers (3DES, Blowfish) MISC www.nccgroup.trust Press/Media Coverage, Technical Description, Third Party Advisory
Philips Intellispace Portal ISP Vulnerabilities | ICS-CERT MISC ics-cert.us-cert.gov
USN-3372-1: NSS vulnerability | Ubuntu UBUNTU www.ubuntu.com
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Oracle Critical Patch Update - April 2018 CONFIRM www.oracle.com
USN-3087-1: OpenSSL vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
Bugtraq BUGTRAQ www.securityfocus.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Splunk Enterprise 6.4.5 addresses multiple vulnerabilities | Splunk CONFIRM www.splunk.com Third Party Advisory
SWEET32: Birthday attacks against TLS ciphers with 64bit block size (CVE-2016-2183) - Red Hat Customer Portal CONFIRM access.redhat.com Mitigation, Third Party Advisory
Oracle Linux Bulletin - October 2016 CONFIRM www.oracle.com Third Party Advisory
Anatomy of a cryptographic collision – the “Sweet32” attack – Naked Security MISC nakedsecurity.sophos.com Press/Media Coverage, Technical Description, Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Oracle Critical Patch Update - October 2016 CONFIRM www.oracle.com Patch, Third Party Advisory
support.f5.com/csp/article/K13167034 CONFIRM support.f5.com
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
Security Advisories - OpenDaylight Project CONFIRM wiki.opendaylight.org
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
USN-3198-1: OpenJDK 6 vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
Oracle Critical Patch Update Advisory - October 2020 MISC www.oracle.com
[security-announce] openSUSE-SU-2018:0458-1: important: Security update SUSE lists.opensuse.org
McAfee Security Bulletin: Updates fix multiple OpenSSL vulnerabilities (CVE-2016-6304, CVE-2016-2183, CVE-2016-2182, and CVE-2016-7052) CONFIRM kc.mcafee.com Third Party Advisory
Accepted papers | ACM CCS 2016 MISC www.sigsac.org Third Party Advisory
Debian -- Security Information -- DSA-3673-1 openssl DEBIAN www.debian.org
Attack of the week: 64-bit ciphers in TLS – A Few Thoughts on Cryptographic Engineering MISC blog.cryptographyengineering.com Press/Media Coverage, Technical Description, Third Party Advisory
Public KB - SA40312 - September 22 2016 OpenSSL Security Advisory CONFIRM kb.pulsesecure.net Third Party Advisory
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
Bugtraq BUGTRAQ www.securityfocus.com
[security-announce] openSUSE-SU-2016:2407-1: important: Security update SUSE lists.opensuse.org
[security-announce] SUSE-SU-2017:0490-1: important: Security update for SUSE lists.opensuse.org
[security-announce] SUSE-SU-2017:0460-1: important: Security update for SUSE lists.opensuse.org
[security-announce] SUSE-SU-2016:2469-1: important: Security update for SUSE lists.opensuse.org
CVE-2016-2183 TLS Protocol 64-bit Cipher Vulnerability in Multiple NetApp Products | NetApp Product Security CONFIRM security.netapp.com Third Party Advisory
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN MISC sweet32.info Technical Description, Third Party Advisory
Oracle Critical Patch Update Advisory - October 2021 MISC www.oracle.com
Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201701-65) — Gentoo Security GENTOO security.gentoo.org Third Party Advisory
[security-announce] openSUSE-SU-2016:2391-1: important: Security update SUSE lists.opensuse.org
Knowledge Center CONFIRM kc.mcafee.com
Red Hat Customer Portal REDHAT access.redhat.com
Knowledge Center CONFIRM kc.mcafee.com
OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
Security Advisory 0024 - Arista MISC www.arista.com
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
Mitel Product Security Advisory 17-0008 CONFIRM www.mitel.com
Red Hat Customer Portal REDHAT access.redhat.com
[R5] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory | Tenable Network Security CONFIRM www.tenable.com Third Party Advisory
McAfee Security Bulletin - Network Security Manager/Network Security Platform/Network Threat Behavior Analysis update fixes multiple vulnerabilities (CVE-2013-4559, CVE-2015-3200, CVE-2016-2183, CVE-2020-7256, CVE-2020-7258) CONFIRM kc.mcafee.com
[security-announce] SUSE-SU-2017:2700-1: important: Security update for SLES 12-SP1 Docker image - openSUSE Security Announce - openSUSE Mailing Lists SUSE lists.opensuse.org
USN-3270-1: NSS vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
access.redhat.com/security/cve/CVE-2016-2183 MISC access.redhat.com
Full Disclosure: SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities FULLDISC seclists.org
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
Bugtraq BUGTRAQ www.securityfocus.com
CVE-2016-2183 - Red Hat Customer Portal CONFIRM access.redhat.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
Oracle Critical Patch Update - July 2019 MISC www.oracle.com
USN-3087-2: OpenSSL regression | Ubuntu UBUNTU www.ubuntu.com
SWEET32 : triple-DES should now be considered as “bad” as RC4. · Issue #387 · ssllabs/ssllabs-scan · GitHub MISC github.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf CONFIRM cert-portal.siemens.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities | Splunk CONFIRM www.splunk.com Third Party Advisory
IBM Informix Dynamic Server DLL Injection / Code Execution ≈ Packet Storm MISC packetstormsecurity.com
[security-announce] openSUSE-SU-2017:0374-1: important: Security update SUSE lists.opensuse.org
Bugtraq: [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information BUGTRAQ seclists.org
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178 CONFIRM softwaresupport.softwaregrp.com
Oracle VM Server for x86 Bulletin - October 2016 CONFIRM www.oracle.com Third Party Advisory
HPE Support document - HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
SeaCat Application Security Technology Is Not Impacted by the SWEET32 Issue (CVE-2016-2183) · TeskaLabs Blog MISC www.teskalabs.com Third Party Advisory
[R2] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable Network Security CONFIRM www.tenable.com Third Party Advisory
McAfee Security Bulletin - Sweet32 vulnerability (CVE-2016-2183) CONFIRM kc.mcafee.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Full Disclosure: Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities FULLDISC seclists.org
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates CONFIRM kb.juniper.net Third Party Advisory
[security-announce] openSUSE-SU-2017:0513-1: important: Security update SUSE lists.opensuse.org
[security-announce] SUSE-SU-2017:2699-1: important: Security update for SUSE lists.opensuse.org
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
USN-3179-1: OpenJDK 8 vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products CONFIRM www.huawei.com
Broadcom Support Portal CONFIRM bto.bluecoat.com Third Party Advisory
[security-announce] SUSE-SU-2016:2387-1: important: Security update for SUSE lists.opensuse.org
[security-announce] openSUSE-SU-2016:2496-1: important: Security update SUSE lists.opensuse.org
Red Hat Customer Portal REDHAT access.redhat.com
Red Hat Customer Portal MISC access.redhat.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Oracle Critical Patch Update Advisory - January 2020 MISC www.oracle.com
RETIRED: Oracle Java SE CVE-2016-2183 Remote Security Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
Oracle Critical Patch Update Advisory - April 2020 N/A www.oracle.com
92630 BID www.securityfocus.com Third Party Advisory, VDB Entry
IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware - United States CONFIRM www-01.ibm.com Third Party Advisory
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
January 2017 Java Platform Standard Edition Vulnerabilities in Multiple NetApp Products | NetApp Product Security CONFIRM security.netapp.com Third Party Advisory
The SWEET32 Issue, CVE-2016-2183 - OpenSSL Blog CONFIRM www.openssl.org Mitigation, Press/Media Coverage, Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com
Oracle Critical Patch Update - July 2017 CONFIRM www.oracle.com Patch, Third Party Advisory
[R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable Network Security CONFIRM www.tenable.com Third Party Advisory
[R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities - Security Advisory | Tenable™ CONFIRM www.tenable.com Third Party Advisory
Oracle Critical Patch Update - October 2017 CONFIRM www.oracle.com Patch, Third Party Advisory
IcedTea: Multiple vulnerabilities (GLSA 201707-01) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
[security-announce] SUSE-SU-2017:1444-1: important: Security update for SUSE lists.opensuse.org
[security-announce] SUSE-SU-2016:2470-1: important: Security update for SUSE lists.opensuse.org Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
IBM Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329) - United States CONFIRM www-01.ibm.com Third Party Advisory
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 376056 IBM Cognos Analytics Multiple Vulnerabilities (566643)
  • 378985 Birthday attacks against Transport Layer Security (TLS) ciphers with 64bit block size Vulnerability (Sweet32)
  • 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
  • 591093 ABB Relion 650, Relion 670 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (ABB-VU-PGGA-1MRG024369) (ABB-VU-PGGA-1MRG025160)
  • 591186 Mitsubishi Electric Air Conditioning Systems Multiple Vulnerabilities (ICSA-22-160-01)
  • 591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)
  • 671073 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2643)
  • 671109 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2509)
  • 710328 Gentoo Linux Oracle Java Runtime Error/Java Development Toolkit Multiple Vulnerabilities (GLSA 201701-65)
  • 710425 Gentoo Linux IcedTea Multiple Vulnerabilities (GLSA 201707-01)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report