Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-1000180

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.00221 | KEV: Not Included
Published: 05/06/2018 Updated: 21/11/2024

Vulnerability Summary

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and previous versions have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bouncycastle fips java api

bouncycastle legion-of-the-bouncy-castle-java-crytography-api

debian debian linux 9.0

oracle api gateway 11.1.2.4.0

oracle business process management suite 11.1.1.9.0

oracle business process management suite 12.1.3.0.0

oracle business process management suite 12.2.1.3.0

oracle business transaction management 12.1.0

oracle communications application session controller 3.7.1

oracle communications application session controller 3.8.0

oracle communications converged application server

oracle communications webrtc session controller

oracle enterprise repository 12.1.3.0.0

oracle managed file transfer 12.1.3.0.0

oracle managed file transfer 12.2.1.3.0

oracle peoplesoft enterprise peopletools 8.55

oracle peoplesoft enterprise peopletools 8.56

oracle peoplesoft enterprise peopletools 8.57

oracle retail convenience and fuel pos software 2.8.1

oracle retail xstore point of service 7.0

oracle retail xstore point of service 7.1

oracle soa suite 12.1.3.0.0

oracle soa suite 12.2.1.3.0

oracle webcenter portal 11.1.1.9.0

oracle webcenter portal 12.2.1.3.0

oracle weblogic server 12.1.3.0.0

netapp oncommand workflow automation -

redhat virtualization 4.2

redhat jboss enterprise application platform 7.1.0

Vendor Advisories

Debian CVElist Bug Report Logs: bouncycastle: CVE-2018-1000180
Debian Bug report logs - #900843 bouncycastle: CVE-2018-1000180 Package: src:bouncycastle; Maintainer for src:bouncycastle is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 5 Jun 2018 20:27:02 UTC Severity: grave Tags: patch, s ...
Debian Security Advisories: DSA-4233-1 bouncycastle -- security update
It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform less Miller-Rabin primality tests than expected For the stable distribution (stretch), this problem has been fixed in version 156-1+deb9u2 We recommend that you upgrade your bouncycastle ...
Red Hat: Important: Red Hat Single Sign-On 7.2.4 security update
Synopsis Important: Red Hat Single Sign-On 724 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 72 from theCustomer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 714 on RHEL 6 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 714 on RHEL7 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 71 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer PortalRed Hat Product Security has rated this update as having a secu ...
Red Hat: Important: Fuse 7.1 security update
Synopsis Important: Fuse 71 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security & bug fix update
Synopsis Important: Red Hat OpenShift Application Runtimes Thorntail 240 security & bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Import ...
Red Hat: Important: rhvm-appliance security update
Synopsis Important: rhvm-appliance security update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...

Github Repositories

https://github.com/CyberSource/cybersource-sdk-java

Java SDK for CyberSource Simple Order API

CyberSource Simple Order API for Java Package Managers Maven To install the cybersource-sdk-java from central repository, add dependency to your application pomxml as below <dependency> <groupId>comcybersource</groupId> <artifactId>cybersource-sdk-java</artifactId> <version>6213&

References

CWE-327https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843https://nvd.nist.govhttps://github.com/CyberSource/cybersource-sdk-javahttps://www.first.org/epsshttps://www.debian.org/security/./dsa-4233http://www.securityfocus.com/bid/106567https://access.redhat.com/errata/RHSA-2018:2423https://access.redhat.com/errata/RHSA-2018:2424https://access.redhat.com/errata/RHSA-2018:2425https://access.redhat.com/errata/RHSA-2018:2428https://access.redhat.com/errata/RHSA-2018:2643https://access.redhat.com/errata/RHSA-2018:2669https://access.redhat.com/errata/RHSA-2019:0877https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55adhttps://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20190204-0003/https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-testhttps://www.debian.org/security/2018/dsa-4233https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttp://www.securityfocus.com/bid/106567https://access.redhat.com/errata/RHSA-2018:2423https://access.redhat.com/errata/RHSA-2018:2424https://access.redhat.com/errata/RHSA-2018:2425https://access.redhat.com/errata/RHSA-2018:2428https://access.redhat.com/errata/RHSA-2018:2643https://access.redhat.com/errata/RHSA-2018:2669https://access.redhat.com/errata/RHSA-2019:0877https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55adhttps://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20190204-0003/https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-testhttps://www.debian.org/security/2018/dsa-4233https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
privilegeCVE-2025-43967XSSadeptlanguageCVE-2024-42699CVE-2025-1732pritunlpritunl-clientCVE-2025-31201men salon management systemlocalCVE-2025-24071CVE-2025-43973
Home
/
Search Results
/
CVE-2018-1000180
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook