CVE-2012-5081

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.

Details
Severity MEDIUM Base Score 5.0
Impact Score 2.9 Exploit Score 10.0
Confidentiality Impact NONE Integrity Impact NONE
Availability Impact PARTIAL Access Vector
Authentication NONE Ease of Access
involve Systems
CVE-2016-6883

MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
affect Systems
CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server’s private key (this is a variation of the Bleichenbacher attack).

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
moved Systems
CVE-2017-12373

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher’s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
affect Systems

CVE-2017-13098

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as “ROBOT.”

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
affected Systems
CVE-2017-13099

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as “ROBOT.”

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
affect Systems

CVE-2017-17382

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
affect Systems

CVE-2017-17427

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (“Bleichenbacher attack”). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
feign Systems
CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Details
Severity Base Score 5.9
Impact Score 3.6 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact NONE
Availability Impact NONE Access Vector
Authentication Ease of Access
affected Systems
CVE-2017-6168

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself, aka a ROBOT attack.

Details
Severity Base Score 7.4
Impact Score 5.2 Exploit Score 2.2
Confidentiality Impact HIGH Integrity Impact HIGH
Availability Impact NONE Access Vector
Authentication Ease of Access
affect Systems
informant : https://coinselected.com
Category : crypto topics

Leave a Reply

Your email address will not be published.