Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1000345

Опубликовано: 27 апр. 2016
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

Отчет

This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
JBoss Developer Studio 11bouncycastleNot affected
Red Hat JBoss Data Grid 7bouncycastleNot affected
Red Hat JBoss Data Virtualization 6bouncycastleOut of support scope
Red Hat JBoss Enterprise Application Platform 7bouncycastleNot affected
Red Hat JBoss Fuse 6bouncycastleWill not fix
Red Hat JBoss Fuse Integration Service 2bouncycastleNot affected
Red Hat OpenShift Application RuntimesbouncycastleNot affected
Red Hat Single Sign-On 7bouncycastleNot affected
Red Hat Software Collectionsrh-eclipse46-bouncycastleWill not fix
Red Hat Subscription Asset ManagerbouncycastleWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-325
https://bugzilla.redhat.com/show_bug.cgi?id=1588323bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack

EPSS

Процентиль: 74%
0.00797
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-1000345

CVSS3: 5.9
ubuntu
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

nvd логотип

CVE-2016-1000345

CVSS3: 5.9
nvd
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

debian логотип

CVE-2016-1000345

CVSS3: 5.9
debian
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/E ...

github логотип

GHSA-9gp4-qrff-c648

CVSS3: 5.9
github
больше 7 лет назад

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

suse-cvrf логотип

openSUSE-SU-2018:1689-1

suse-cvrf
больше 7 лет назад

Security update for bouncycastle

EPSS

Процентиль: 74%
0.00797
Низкий

4.8 Medium

CVSS3

Уязвимость CVE-2016-1000345