Lucene search

K
f5F5F5:K10105323
HistoryMay 22, 2018 - 12:00 a.m.

K10105323 : Java Bouncy Castle vulnerability CVE-2015-7940

2018-05-2200:00:00
my.f5.com
34

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

Security Advisory Description

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an โ€œinvalid curve attack.โ€ (CVE-2015-7940)

Impact

This vulnerability allows unauthorized disclosure of information.