7.5
CVE-2017-13098
- EPSS 24.28%
- Veröffentlicht 13.12.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
BouncyCastle JCE TLS Bleichenbacher/ROBOT
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bouncycastle ≫ Bc-java Version < 1.59
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 24.28% | 0.976 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| cret@cert.org | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
https://www.oracle.com/security-alerts/cpuoct2020.html
https://robotattack.org/
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html
http://www.kb.cert.org/vuls/id/144389
http://www.securityfocus.com/bid/102195
https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
https://security.netapp.com/advisory/ntap-20171222-0001/
https://www.debian.org/security/2017/dsa-4072