7.5

CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BouncycastleBc-java Version >= 1.54 <= 1.59
BouncycastleFips Java Api Version <= 1.0.1
DebianDebian Linux Version9.0
OracleApi Gateway Version11.1.2.4.0
OracleEnterprise Repository Version12.1.3.0.0
OracleManaged File Transfer Version12.1.3.0.0
OracleManaged File Transfer Version12.2.1.3.0
OracleSoa Suite Version12.1.3.0.0
OracleSoa Suite Version12.2.1.3.0
OracleWebcenter Portal Version11.1.1.9.0
OracleWebcenter Portal Version12.2.1.3.0
OracleWeblogic Server Version12.1.3.0.0
RedhatVirtualization Version4.2
RedhatJboss Enterprise Application Platform Version7.1.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.62% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://access.redhat.com/errata/RHSA-2018:2423
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2424
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2425
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2428
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2643
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0877
Third Party Advisory
http://www.securityfocus.com/bid/106567
Third Party Advisory
VDB Entry
https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
Patch
Third Party Advisory
https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
Patch
Third Party Advisory
https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180
https://security.netapp.com/advisory/ntap-20190204-0003/
Patch
Third Party Advisory
https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test
Third Party Advisory
https://www.debian.org/security/2018/dsa-4233
Third Party Advisory