The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:N/A:N

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |

| Source | Type | Description |
|---|---|---|
| [email protected] | Primary | en: CWE-200 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | en: CWE-200 |

| Vendor | Product | Version | Type |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | 6.0.0 | Application |
| redhat | jboss_enterprise_web_server | 1.0.0 | Application |
| redhat | jboss_enterprise_web_server | 2.0.0 | Application |
| redhat | jboss_web_server | 3.0 | Application |
| redhat | enterprise_linux | 5.0 | Operating System |
| redhat | enterprise_linux | 6.0 | Operating System |
| redhat | enterprise_linux | 7.0 | Operating System |
| python | python | * | Application |
| python | python | * | Application |
| python | python | * | Application |
| cisco | content_security_management_appliance | 9.6.6-068 | Application |
| cisco | content_security_management_appliance | 9.7.0-006 | Application |
| openssl | openssl | 1.0.1a | Application |
| openssl | openssl | 1.0.1b | Application |
| openssl | openssl | 1.0.1c | Application |
| openssl | openssl | 1.0.1d | Application |
| openssl | openssl | 1.0.1e | Application |
| openssl | openssl | 1.0.1f | Application |
| openssl | openssl | 1.0.1g | Application |
| openssl | openssl | 1.0.1h | Application |
| openssl | openssl | 1.0.1i | Application |
| openssl | openssl | 1.0.1j | Application |
| openssl | openssl | 1.0.1k | Application |
| openssl | openssl | 1.0.1l | Application |
| openssl | openssl | 1.0.1m | Application |
| openssl | openssl | 1.0.1n | Application |
| openssl | openssl | 1.0.1o | Application |
| openssl | openssl | 1.0.1p | Application |
| openssl | openssl | 1.0.1q | Application |
| openssl | openssl | 1.0.1r | Application |
| openssl | openssl | 1.0.1t | Application |
| openssl | openssl | 1.0.2a | Application |
| openssl | openssl | 1.0.2b | Application |
| openssl | openssl | 1.0.2c | Application |
| openssl | openssl | 1.0.2d | Application |
| openssl | openssl | 1.0.2e | Application |
| openssl | openssl | 1.0.2f | Application |
| openssl | openssl | 1.0.2h | Application |
| oracle | database | 11.2.0.4 | Application |
| oracle | database | 12.1.0.2 | Application |
| nodejs | node.js | * | Application |
| nodejs | node.js | * | Application |
| nodejs | node.js | * | Application |
| nodejs | node.js | * | Application |
| nodejs | node.js | * | Application |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |