10 matches found
EUVD-2017-2317
Malware in sbrugna...
EUVD-2017-2315
Malware in sbrugna...
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
A blog post with further information has been released on this topic as well: https://r.sec-consult.com/osci SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: OSCI-Transport Library 1.2...
OSCI Transport Library OSCI-Transport Signature Package Vulnerability
OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. A security vulnerability exists in OSCI Transport Library version 1.6.1 Java and...
OSCI Transport Library OSCI-Transport XXE vulnerability
OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. An XML external entity injection vulnerability exists in OSCI Transport Library...
OSCI Transport Library OSCI-Transport Decryption Transport Encryption Algorithm Vulnerability
OSCI Transport Library Java is a Java library of mandatory transport protocols for German e-government, and OSCI Transport Library .NET is its .NET version.OSCI-Transport is one of the XML-based transport protocols. A security vulnerability exists in OSCI Transport Library version 1.6.1 Java and ...
CVE-2017-10670
An XML External Entity XXE issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET, exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure...
Xxe
An XML External Entity XXE issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET, exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure...
Design/Logic Flaw
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 Java and OSCI Transport Library 1.6 .NET. Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the...
CVE-2017-10670
The CVE-2017-10670 entry describes an XML External Entity (XXE) vulnerability in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). The root cause is an XXE issue that can be exploited by sending a specially crafted, standards-conforming OSCI ...