<p>Upgrade <code>Amazon-Linux:2018.03</code> <code>java-1.8.0-openjdk</code> to version 1:1.8.0.121-0.b13.29.amzn1 or higher.<br>This issue was patched in <code>ALAS-2017-791</code>.</p>

Information Exposure Affecting java-1.8.0-openjdk package, versions <1:1.8.0.121-0.b13.29.amzn1

Snyk CVSS

Attack Complexity Low

Confidentiality High

Threat Intelligence

Exploit Maturity Mature

EPSS 0.53% (77^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-AMZN201803-JAVA180OPENJDK-1704650
published 27 Sep 2021
disclosed 1 Sep 2016

Report a new vulnerability Found a mistake?

Introduced: 1 Sep 2016

CVE-2016-2183 Open this link in a new tab CWE-200 Open this link in a new tab

How to fix?

Upgrade Amazon-Linux:2018.03 java-1.8.0-openjdk to version 1:1.8.0.121-0.b13.29.amzn1 or higher.
This issue was patched in ALAS-2017-791.

NVD Description

Note: Versions mentioned in the description apply only to the upstream java-1.8.0-openjdk package and not the java-1.8.0-openjdk package as distributed by Amazon-Linux. See How to fix? for Amazon-Linux:2018.03 relevant fixed versions and status.

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.