Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2017-13098

Published: 13/12/2017 Updated: 20/10/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 471
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Bouncycastle

Vulnerability Summary

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bouncycastle legion-of-the-bouncy-castle-java-crytography-api

Vendor Advisories

Debian CVElist Bug Report Logs: bouncycastle: CVE-2017-13098
Debian Bug report logs - #884241 bouncycastle: CVE-2017-13098 Package: src:bouncycastle; Maintainer for src:bouncycastle is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 12 Dec 2017 20:57:04 UTC Owned by: Markus Koschany <apo ...
Debian Security Advisories: DSA-4072-1 bouncycastle -- security update
Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys For the stable distribution (stretch), this problem has been fixed in version 156-1+deb9u1 We recommend that you upgrade your bouncycastle packages For the detailed security ...
Red Hat: CVE-2017-13098
BouncyCastle TLS prior to version 103, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated An attacker can recover the private key from a vulnerable application This vulnerability is referred to as "ROBOT" ...

References

CWE-203https://robotattack.org/https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5chttp://www.kb.cert.org/vuls/id/144389http://www.securityfocus.com/bid/102195https://www.debian.org/security/2017/dsa-4072https://security.netapp.com/advisory/ntap-20171222-0001/http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884241https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/144389
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook