vulnerability
Oracle Linux: CVE-2016-2183: ELSA-2016-3627: openssl security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 24, 2016 | Sep 27, 2016 | Dec 3, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 24, 2016
Added
Sep 27, 2016
Modified
Dec 3, 2025
Description
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
Solutions
oracle-linux-upgrade-openssloracle-linux-upgrade-openssl-develoracle-linux-upgrade-openssl-perloracle-linux-upgrade-pythonoracle-linux-upgrade-python-debugoracle-linux-upgrade-python-develoracle-linux-upgrade-python-libsoracle-linux-upgrade-python-testoracle-linux-upgrade-python-toolsoracle-linux-upgrade-tkinter
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.