OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

CVE-2016-3426

Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

Vulnerability of Java Platform and JRockit software platforms, allowing attackers to breach information confidentiality

The vulnerability of the JCE component in Java Platform and JRockit programming platforms is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality of information...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

Unspecified Vulnerability in Oracle Java SE JCE Component

Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the JCE subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious WEB page and trick...

Unspecified Vulnerability in Oracle Java SE JCE Component (CNVD-2015-04846)

Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the JCE subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious WEB page and trick...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

UBUNTU-CVE-2015-2613

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...

OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...

USN-2574-1 openjdk-7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...

OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...