### [CVE-2016-2183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

### POC

#### Reference
- http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
- http://seclists.org/fulldisclosure/2017/Jul/31
- http://seclists.org/fulldisclosure/2017/May/105
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.ubuntu.com/usn/USN-3372-1
- https://access.redhat.com/articles/2548661
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171
- https://kc.mcafee.com/corporate/index?page=content&id=SB10186
- https://kc.mcafee.com/corporate/index?page=content&id=SB10197
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310
- https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
- https://sweet32.info/
- https://www.exploit-db.com/exploits/42091/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2016-20
- https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability
- https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability

#### Github
- https://github.com/AKApul/03-sysadmin-09-security
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/BroDaber/kitcat
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/Live-Hack-CVE/CVE-2016-2183
- https://github.com/MrShadow009/vulnerability-scan-task
- https://github.com/Nissiuser/Vulnerability-Scan-Report
- https://github.com/Officerwasu/Elevate-Labs-Task-3
- https://github.com/PS-RANASINGHE/Crypto-Ex---7
- https://github.com/Raju-Thulluri/Task-3
- https://github.com/Samaritin/OSINT
- https://github.com/ShAdowExEc/Nmap-based-batch-vulnerability-scanning
- https://github.com/Subhojit008/ELEVATE_LAB_TASK_03
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/WiktorMysz/devops-netology
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/aous-al-salek/crypto
- https://github.com/biswajitde/dsm_ips
- https://github.com/bunyadovaytac/cyber-lab4
- https://github.com/bysart/devops-netology
- https://github.com/catsploit/catsploit
- https://github.com/cherinejoseph/programmatic-vulnerability-remediations
- https://github.com/dhavaldp206/EL_Task3
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/gabrieljcs/ips-assessment-reports
- https://github.com/geon071/netolofy_12
- https://github.com/gourav5g/Perform-a-Basic-Vulnerability-Scan-on-Your-PC.
- https://github.com/hero2zero/burp-ssl-scanner-plus-plus
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/itscoltonhicks/Vulnerability-Management-Nessus
- https://github.com/jeffaizenbr/Cipher-TLS-removing-vulnerabilities-from-openvas
- https://github.com/kaif9711/Strengthened-Security-on-Metasploitable-3
- https://github.com/kaif9711/metasploitable3-vulnerability-assessment
- https://github.com/kampfcl3/lineBOT
- https://github.com/kthy/desmos
- https://github.com/kuffsit/SWEET32-scaning
- https://github.com/lithekevin/Threat-TLS
- https://github.com/mikemackintosh/ruby-qualys
- https://github.com/mohammadroshanmnadaf/basic_vulnerability_scan
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/omkalyankar/Network-Scanning-and-Vulnerability-Assessment
- https://github.com/pashicop/3.9_1
- https://github.com/santhosheyzz/Basic-Vulnerability-Scan-Pc
- https://github.com/shayilkhani/cryptographic-remediation-deployment
- https://github.com/snehakamkar1998-debug/Vulnerability-Scan-
- https://github.com/stanmay77/security
- https://github.com/tanjiti/sec_profile
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/yellownine/netology-DevOps
- https://github.com/yurkao/python-ssl-deprecated