Oval Definition:oval:org.cisecurity:def:1851
Revision Date:2017-03-03Version:8
Title:Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111 - CVE-2016-2183
Description:The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Family:windowsClass:vulnerability
Status:INTERIMReference(s):CVE-2016-2183
CVE-2017-3259
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Definition Synopsis
  • Check for installation of Java SE Development Kit/Java SE Runtime Environment + vulnerable file version
  • Java SE Development Kit 1.6 is installed + version
  • Java SE Development Kit 6 is installed
  • AND Check if Java SE Development Kit 1.6 version is less than 6.0.1310
  • OR Java SE Development Kit 1.7 is installed + version
  • Java SE Development Kit 7 is installed
  • AND Check if Java SE Development Kit 1.7 version is less than 7.0.1210
  • OR Java SE Development Kit 1.8 is installed + version
  • Java SE Development Kit 8 is installed
  • AND Check if Java SE Development Kit 1.8 version is less than 8.0.1120
  • OR Java SE Runtime Environment 1.6 is installed + version
  • Java SE Runtime Environment 6 is installed
  • AND Check if Java SE Runtime Environment 1.6 version is less than 6.0.1310
  • OR Java SE Runtime Environment 1.7 is installed + version
  • Java SE Runtime Environment 7 is installed
  • AND Check if Java SE Runtime Environment 1.7 version is less than 7.0.1210
  • OR Java SE Runtime Environment 1.8 is installed + version
  • Java SE Runtime Environment 8 is installed
  • AND Check if Java SE Runtime Environment 1.8 version is less than 8.0.1120
  • OR Check if Java Runtime Environment version is greater than or equal 8.0 and less than 8.0.1110 (recursive)
    • BACK