CVE-2016-1000343 Description In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000343 https://www.bouncycastle.org/releasenotes.html Project Category n/a Tags data Date Disclosed 2018-06-04…
Read More
CVE-2016-1000342 Description In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000342 https://www.bouncycastle.org/releasenotes.html Project Category n/a Tags data Date Disclosed 2018-06-04 Date Discovered 2018-06-04 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable? Contact us so we can help you.
Read More
CVE-2016-1000341 Description In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000341 https://www.bouncycastle.org/releasenotes.html https://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/ Project Category n/a Tags data Date Disclosed 2018-06-04 Date Discovered 2018-06-04 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable? Contact us so we can…
Read More
CVE-2016-1000339 Description In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE…
Read More
CVE-2016-1000338 Description In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000338 https://www.bouncycastle.org/releasenotes.html Project Category n/a Tags data Date Disclosed 2018-06-01 Date Discovered 2018-06-01 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable? Contact us so we can help you.
Read More
CVE-2016-0779 Description The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Also the EJBd can be disabled by following the steps in the reference. Reference: (http://tomee.apache.org/ejbd-transport.html) Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0779 http://tomee.apache.org/ejbd-transport.html http://tomee.apache.org/security/tomee.html https://www.tenable.com/pvs-plugins/9323 Project Category n/a Tags data operational Date Disclosed 2017-04-11 Date Discovered 2015-12-16 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable? Contact us so we can help you.
Read More
CVE-2016-0763 Description The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue and using the Security Manager. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0763 https://tomcat.apache.org/security-7.html Project Category n/a Tags data Date Disclosed 2016-02-24 Date…
Read More
CVE-2016-0762 Description The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0762 http://www.openwall.com/lists/oss-security/2016/10/27/8 Project Category Timing Attack Tags data Date Disclosed 2017-08-10 Date Discovered 2015-12-16 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA==…
Read More
CVE-2016-0714 Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Workaround: A potential workaround is to disable session persistence for all hosted web applications. To determine how this is done, please reference the following link. (https://tomcat.apache.org/tomcat-7.0-doc/config/manager.html#Disable_Session_Persistence) Related links:…
Read More
CVE-2016-0706 Description Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Workaround for versions including and above 6.x: Add the below line to the `RestrictedServlets.properties` file: ``` org.apache.catalina.manager.StatusManagerServlet=restricted ``` Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0706 http://www.securityfocus.com/archive/1/537577 Project Category n/a Tags data operational privileged Date Disclosed…
Read More
