WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Remediation

References

Related Vulnerabilities

WordPress Plugin Wise Chat CSV Injection (2.8.3)

WordPress Plugin Abandoned Cart Lite for WooCommerce Cross-Site Request Forgery (5.8.5)

WordPress Plugin gboutique Local File Inclusion (1.3)

WordPress Plugin WP Membership Multiple Vulnerabilities (1.2.3)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-3197)

Severity

High

Classification

CVE-2016-2183 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities