91 matches found
DEBIAN-CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...
UBUNTU-CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...
CVE-2017-13098 BouncyCastle JCE TLS Bleichenbacher/ROBOT
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...
CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...
Ubuntu: Security Advisory (USN-3497-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3497-1: OpenJDK 7 vulnerabilities
It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3497-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3497-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...
OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...
OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3275-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-2 advisory. USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Tenable has extracted the preceding...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3275-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-1 advisory. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
KLA11006 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. Malicious users can exploit these vulnerabilities possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in subcomponent JCE Java Cryptography Extension c...