157 matches found
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...
UBUNTU-CVE-2015-0478
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE...
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...
IBM Patches Predictable Output Problem in SecureRandom PRNG
Details have surfaced on a recently patched vulnerability in IBM’s SecureRandom pseudo-random number generator that could allow an attacker to predict its output. Only the default SecureRandom implementation in the IBM Java Cryptography Extension JCE framework is vulnerable; IBM recommends that...
Design/Logic Flaw
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture JCA in Android before 4.4 and...
CVE-2007-6721
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...
Design/Logic Flaw
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...
CVE-2007-6721
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...
CVE-2007-6721
CVE-2007-6721 concerns the Legion of the Bouncy Castle Java Cryptography API (used in Crypto Provider Package) up to release 1.38; a Bleichenbacher vulnerability affects simple RSA CMS signatures without signed attributes. The exact impact is described as unknown in some sources, with remote atta...
CVE-2007-6721
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...
PT-2009-1169 · Bouncy Castle · Crypto Provider Package +1
Name of the Vulnerable Software and Affected Versions: Bouncy Castle Java Cryptography API versions prior to 1.38 Crypto Provider Package versions prior to 1.36 Description: The issue is related to a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes, which has...
CVE-2008-4368
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension JCE key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...
CVE-2008-4368
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension JCE key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Overview The digital certificate that was used to sign jar files in the Java Cryptography Extension JCE 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after...
JVN#93926203 Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Impact Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 JST on July 28, 2005. Java applications using JCE 1.2.1 may not start after 6:43 JST, +0900 on July 28, 2005. Solution Products Affected Java applications using Sun's JCE 1.2.1...