CVE-2015-6644

Опубликовано: 01 янв. 2016

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss A-MQ 6	fabric8	Affected
Red Hat Subscription Asset Manager	bouncycastle	Will not fix
Red Hat JBoss A-MQ 6.3	fabric8	Fixed	RHSA-2017:1832	10.08.2017
Red Hat JBoss EAP 7		Fixed	RHSA-2017:2810	26.09.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-artemis-native	Fixed	RHSA-2017:2809	26.09.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-bouncycastle	Fixed	RHSA-2017:2809	26.09.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-hibernate-validator	Fixed	RHSA-2017:2809	26.09.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jasypt	Fixed	RHSA-2017:2809	26.09.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jboss-jms-api_2.0_spec	Fixed	RHSA-2017:2809	26.09.2017
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6	eap7-jboss-logmanager	Fixed	RHSA-2017:2809	26.09.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1444015bouncycastle: Information disclosure in GCMBlockCipher

EPSS

Процентиль: 40%

0.00184

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2015-6644

CVSS3: 3.3

ubuntu

около 10 лет назад

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

CVE-2015-6644

CVSS3: 3.3

nvd

около 10 лет назад

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

CVE-2015-6644

CVSS3: 3.3

debian

около 10 лет назад

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...

GHSA-x38m-968w-w2xq

CVSS3: 3.3

github

больше 3 лет назад

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

BDU:2016-00077

fstec

около 10 лет назад

Уязвимость операционной системы Android, позволяющая нарушителю получить конфиденциальную информацию

EPSS

Процентиль: 40%

0.00184

Низкий

5.5 Medium

CVSS3