Description
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.
References
- Mailing List (Third Party Advisory)
- Technical Description (Third Party Advisory)
- Mailing List (Third Party Advisory)
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:xoev:osci_transport_library:1.6:*:*:*:.net:*:*:*
cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*
EPSS: 0.0008 (Low), percentile: 24%
CVSS3: 5.9 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-327
Related vulnerabilities
CVSS3: 5.9
github
more than 3 years ago
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.