Lucene search

Veracode Vulnerability DatabaseVERACODE:15667

HistoryMay 02, 2019 - 5:03 a.m.

Weak Encryption Parameters

2019-05-0205:03:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key.

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.25__2.3.10.4.el5_9
java-1.7.0-openjdkeq1.7.0.5__2.2.1.el6_3.3
java-1.7.0-openjdkeq1.7.0.25__2.3.10.4.el6_4
java-1.7.0-openjdkeq1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.3.el6_3.1
java-1.7.0-openjdkeq1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdkeq1.7.0.51__2.4.4.1.el5_10
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el6_5

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.25__2.3.10.4.el5_9
java-1.7.0-openjdk	eq	1.7.0.5__2.2.1.el6_3.3
java-1.7.0-openjdk	eq	1.7.0.25__2.3.10.4.el6_4
java-1.7.0-openjdk	eq	1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.3.el6_3.1
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdk	eq	1.7.0.51__2.4.4.1.el5_10
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el6_5

Rows per page:

1-10 of 1901

References

lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

marc.info/?l=bugtraq&m=140852886808946&w=2

marc.info/?l=bugtraq&m=140852974709252&w=2

rhn.redhat.com/errata/RHSA-2015-0264.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/58830

secunia.com/advisories/59404

secunia.com/advisories/59503

secunia.com/advisories/59680

secunia.com/advisories/59924

secunia.com/advisories/59985

secunia.com/advisories/59986

secunia.com/advisories/59987

secunia.com/advisories/60002

secunia.com/advisories/60031

secunia.com/advisories/60032

secunia.com/advisories/60081

secunia.com/advisories/60129

secunia.com/advisories/60180

secunia.com/advisories/60245

secunia.com/advisories/60317

secunia.com/advisories/60326

secunia.com/advisories/60335

secunia.com/advisories/60485

secunia.com/advisories/60497

secunia.com/advisories/60622

secunia.com/advisories/60812

secunia.com/advisories/60817

secunia.com/advisories/60831

secunia.com/advisories/60839

secunia.com/advisories/60846

secunia.com/advisories/60890

secunia.com/advisories/61215

secunia.com/advisories/61254

secunia.com/advisories/61264

secunia.com/advisories/61278

secunia.com/advisories/61293

secunia.com/advisories/61294

secunia.com/advisories/61469

secunia.com/advisories/61577

secunia.com/advisories/61640

secunia.com/advisories/61846

secunia.com/advisories/62314

secunia.com/advisories/62319

security.gentoo.org/glsa/glsa-201502-12.xml

www-01.ibm.com/support/docview.wss?uid=swg21680334

www-01.ibm.com/support/docview.wss?uid=swg21681379

www-01.ibm.com/support/docview.wss?uid=swg21681966

www-01.ibm.com/support/docview.wss?uid=swg21683338

www-01.ibm.com/support/docview.wss?uid=swg21683429

www-01.ibm.com/support/docview.wss?uid=swg21683438

www-01.ibm.com/support/docview.wss?uid=swg21683484

www-01.ibm.com/support/docview.wss?uid=swg21685121

www-01.ibm.com/support/docview.wss?uid=swg21685122

www-01.ibm.com/support/docview.wss?uid=swg21685178

www-01.ibm.com/support/docview.wss?uid=swg21685242

www-01.ibm.com/support/docview.wss?uid=swg21686142

www-01.ibm.com/support/docview.wss?uid=swg21686383

www-01.ibm.com/support/docview.wss?uid=swg21686824

www-01.ibm.com/support/docview.wss?uid=swg21688893

www-01.ibm.com/support/docview.wss?uid=swg21689593

www-01.ibm.com/support/docview.wss?uid=swg21691089

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096529

www.debian.org/security/2014/dsa-2980

www.debian.org/security/2014/dsa-2987

www.ibm.com/support/docview.wss?uid=swg21681644

www.ibm.com/support/docview.wss?uid=swg21683518

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/68636

www.securitytracker.com/id/1030577

www.vmware.com/security/advisories/VMSA-2014-0012.html

access.redhat.com/errata/RHSA-2014:0902

access.redhat.com/errata/RHSA-2014:0908

access.redhat.com/security/updates/classification/#critical

exchange.xforce.ibmcloud.com/vulnerabilities/94606

kc.mcafee.com/corporate/index?page=content&id=SB10083

rhn.redhat.com/errata/RHSA-2014-0889.html

www.ibm.com/support/docview.wss?uid=swg21680418

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:15667