Severity
High
Vendor
Cloud Foundry Foundation
Description
Cloud Foundry BOSH System Metrics Server, all versions prior to v0.0.24 and Cloud Foundry Loggregator, 105.x versions prior to v105.6, support block ciphers with a 64-bit block size. A remote unauthenticated malicious user can obtain cleartext data via a birthday attack against a long-duration encrypted session.
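The following Go sketch is an added example, not code from the advisory or from the affected projects. It assumes the encrypted sessions are TLS and that the 64-bit block ciphers are the 3DES suites implemented by Go's crypto/tls (the advisory names neither); it filters them out of a constructed suite list and computes the data volume at which block collisions become likely.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"math"
	"strings"
)

// is64BitBlock reports whether a TLS cipher suite uses a 64-bit block cipher.
// Assumption: of the suites crypto/tls implements, only the 3DES ones do.
func is64BitBlock(id uint16) bool {
	return strings.Contains(tls.CipherSuiteName(id), "3DES")
}

// splitSuites separates an explicit suite list into the IDs to keep and the
// names of the 64-bit-block suites that should be dropped.
func splitSuites(ids []uint16) (keep []uint16, dropped []string) {
	for _, id := range ids {
		if is64BitBlock(id) {
			dropped = append(dropped, tls.CipherSuiteName(id))
		} else {
			keep = append(keep, id)
		}
	}
	return keep, dropped
}

// birthdayBoundBytes is the data volume under one key at which ciphertext
// block collisions become likely: 2^(n/2) blocks of n/8 bytes each.
func birthdayBoundBytes(blockBits int) float64 {
	return math.Ldexp(float64(blockBits/8), blockBits/2)
}

// constructedSuites is a sample suite list built for this example.
var constructedSuites = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}

func main() {
	keep, dropped := splitSuites(constructedSuites)
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: keep}
	fmt.Println("dropped:", dropped)
	fmt.Println("suites kept:", len(cfg.CipherSuites))
	fmt.Printf("64-bit block bound: %.0f GiB\n", birthdayBoundBytes(64)/(1<<30))
}
```

The bound for a 64-bit block is small enough to be reached within a single long-lived session, which is why session duration matters in the description above.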
Affected Cloud Foundry Products and Versions
- Cloud Foundry BOSH System Metrics
  - All versions prior to v0.0.24
- Cloud Foundry Loggregator
  - All versions prior to v105.6
Mitigation
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
  - Cloud Foundry BOSH System Metrics version v0.0.24
  - Cloud Foundry Loggregator version v105.6
History
2019-10-24: Initial vulnerability report published.