Published: 30/06/2017 Updated: 06/07/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xoev osci transport library 1.6
xoev osci transport library 1.6.1

German e-gov protocol carries ancient vulns

The Register • Richard Chirgwin • 03 Jul 2017

Dies ist eine Chaos

Germany's e-government system is open to padding oracle attacks and other vulnerabilities because of an insecure communications protocol. According to this SEC-Consult advisory, which landed on Friday, the problems are in the OSCI-Transport Library version 1.2, for which a common implementation is in Java. OSCI, the Online Services Computer Interface, is the foundation of Germany's e-government. It's meant to provide secure, confidential, and legally-binding transmission over untrusted networks ...

CVE-2017-10669

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect