Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1000613

Опубликовано: 09 июл. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
Версия от 1.58 (включая) до 1.60 (исключая)
Конфигурация 2
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
Версия до 7.0.0.1 (исключая)
cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
Версия до 7.2 (исключая)
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.04043
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-470

Связанные уязвимости

ubuntu логотип

CVE-2018-1000613

CVSS3: 9.8
ubuntu
больше 7 лет назад

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.

redhat логотип

CVE-2018-1000613

CVSS3: 4.9
redhat
почти 8 лет назад

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.

debian логотип

CVE-2018-1000613

CVSS3: 9.8
debian
больше 7 лет назад

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptogra ...

suse-cvrf логотип

openSUSE-SU-2018:2180-1

suse-cvrf
больше 7 лет назад

Security update for bouncycastle

github логотип

GHSA-4446-656p-f54g

CVSS3: 9.8
github
больше 7 лет назад

Deserialization of Untrusted Data in Bouncy castle

EPSS

Процентиль: 88%
0.04043
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-470