SB2017082002 - Multiple vulnerabilities in Nimbus JOSE+JWT

Published: August 20, 2017 Updated: January 10, 2020

Security Bulletin ID: SB2017082002
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 67% (2 of 3), Low: 33% (1 of 3)

Description

This security bulletin contains information about 3 security vulnerabilities in the Nimbus JOSE+JWT Java library.


1) Integer overflow (CVE-ID: CVE-2017-12972)

The vulnerability allows a remote attacker to bypass the integrity protection of an encrypted JWE.

The vulnerability exists because Nimbus JOSE+JWT converts the length of the Additional Authenticated Data (AAD) from bytes to bits using an integer that can overflow when it computes the HMAC input for authenticated AES-CBC (AES_CBC_HMAC_SHA2) decryption. A remote attacker can shift the boundary between the AAD and the ciphertext so that a different plaintext is obtained for the same HMAC, triggering the integer overflow and bypassing HMAC authentication.

Successful exploitation of this vulnerability may allow an attacker to alter the protected content of a JWE without the modification being detected.


2) Cryptographic issues (CVE-ID: CVE-2017-12973)

The vulnerability allows a remote attacker to conduct a padding oracle attack.

The vulnerability exists because, after detecting an invalid HMAC during authenticated AES-CBC decryption, Nimbus JOSE+JWT proceeds improperly instead of failing immediately, so the outcome of the subsequent processing (including CBC padding checks) is observable to the sender of the ciphertext. A remote attacker can use this behaviour as a padding oracle against AES-CBC ciphertexts.
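The following is an added example (Python, using only the standard library) and not code from Nimbus JOSE+JWT; it illustrates vulnerabilities 1 and 2 together. It implements the AES_CBC_HMAC_SHA2 authentication tag from RFC 7518 (A128CBC-HS256 parameters), shows why the AAD length must be encoded as a 64-bit bit count and how a 32-bit overflow in that conversion makes two different AAD lengths yield the same MAC input, and shows the fail-closed order of operations that removes the padding oracle: compare the tag in constant time and never examine padding unless the tag matched. The `al_int32_overflow` function models the overflow class named in CVE-2017-12972, not the library's exact code; the block cipher step is a caller-supplied callable, and the demo uses an identity stand-in so it runs offline (a real caller supplies AES-CBC). All inputs are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # A128CBC-HS256 truncates HMAC-SHA-256 to 128 bits


def al_correct(aad_len_bytes: int) -> bytes:
    """AL = AAD length in bits as a 64-bit big-endian integer (RFC 7518 5.2.2.1)."""
    return struct.pack(">Q", aad_len_bytes * 8)


def al_int32_overflow(aad_len_bytes: int) -> bytes:
    """Models the vulnerable conversion: bytes*8 computed in a signed 32-bit int,
    then widened to 64 bits. Assumption: an illustration of the overflow class
    described for CVE-2017-12972, not the library's exact code."""
    bits = (aad_len_bytes * 8) & 0xFFFFFFFF
    if bits >= 0x80000000:  # negative 32-bit value, sign-extended when widened
        bits -= 0x100000000
    return struct.pack(">q", bits)


def compute_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes,
                al_fn=al_correct) -> bytes:
    """HMAC-SHA-256 over AAD || IV || C || AL, truncated to TAG_LEN bytes."""
    mac_input = aad + iv + ciphertext + al_fn(len(aad))
    return hmac.new(mac_key, mac_input, hashlib.sha256).digest()[:TAG_LEN]


def shift_one_block(aad: bytes, iv: bytes, ciphertext: bytes):
    """The 'shift' the advisory describes: move the AAD/ciphertext boundary one
    16-byte block to the left. AAD || IV || C is byte-for-byte unchanged, but the
    IV and ciphertext are now different (and would decrypt to different plaintext).
    The only thing that changes in the MAC input is AL."""
    return aad[:-16], aad[-16:], iv + ciphertext


class AuthenticationError(Exception):
    """One generic failure so a bad tag and bad padding are indistinguishable."""


def pkcs7_unpad(padded: bytes, block_size: int = 16) -> bytes:
    if not padded or len(padded) % block_size:
        raise ValueError("bad length")
    n = padded[-1]
    if n < 1 or n > block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


def authenticated_decrypt(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes,
                          tag: bytes, cbc_decrypt, al_fn=al_correct) -> bytes:
    """Fail-closed order: verify the tag first (constant time), then decrypt,
    then unpad. A padding error after a valid tag raises the same exception as a
    tag mismatch, so the caller cannot tell the two apart."""
    expected = compute_tag(mac_key, aad, iv, ciphertext, al_fn)
    if not hmac.compare_digest(expected, tag):
        raise AuthenticationError("JWE authentication failed")  # no decrypt, no unpad
    try:
        return pkcs7_unpad(cbc_decrypt(iv, ciphertext))
    except ValueError:
        raise AuthenticationError("JWE authentication failed") from None


def stand_in_cipher(iv: bytes, ciphertext: bytes) -> bytes:
    """Identity stand-in for AES-CBC so the demo runs offline (constructed)."""
    return ciphertext


def demo() -> dict:
    """Runs the checks on constructed inputs and returns the observations."""
    key = b"k" * 16
    aad = b"constructed-protected-header-bytes-as-aad"  # 41 bytes, constructed
    iv = bytes(range(16))
    ct = b"attack at dawn\x02\x02"  # padded plaintext standing in for AES-CBC output
    tag = compute_tag(key, aad, iv, ct)
    aad2, iv2, ct2 = shift_one_block(aad, iv, ct)
    out = {
        "mac_input_equal_except_al": aad + iv + ct == aad2 + iv2 + ct2,
        "correct_al_rejects_shift": compute_tag(key, aad2, iv2, ct2) != tag,
        "overflow_al_collides": al_int32_overflow(100) == al_int32_overflow(100 + 2 ** 29),
        "correct_al_distinct": al_correct(100) != al_correct(100 + 2 ** 29),
        "plaintext": authenticated_decrypt(key, aad, iv, ct, tag, stand_in_cipher),
    }
    try:
        authenticated_decrypt(key, aad2, iv2, ct2, tag, stand_in_cipher)
        out["shift_rejected"] = False
    except AuthenticationError:
        out["shift_rejected"] = True
    return out
```

With a correct 64-bit AL, the shifted message has a different AL and therefore a different tag, so it is rejected before any decryption. With the modelled 32-bit overflow, AAD lengths that differ by 2^29 bytes encode to the same AL, which is the collision the attacker needs. The single `AuthenticationError` for both a tag mismatch and a padding failure, raised only after a constant-time comparison, is the property that closes the padding oracle.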


3) Cryptographic issues (CVE-ID: CVE-2017-12974)

The vulnerability allows a remote attacker to conduct an Invalid Curve Attack.

The vulnerability exists because Nimbus JOSE+JWT proceeds with ECKey construction without ensuring that the public x and y coordinates lie on the specified curve. A remote attacker who supplies an EC JWK with off-curve coordinates can conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation, so the library cannot rely on the provider to perform this check for it.


Remediation

Install the update from the vendor's website. The EC coordinate validation (CVE-2017-12974) was added in Nimbus JOSE+JWT 4.36; the AES-CBC-HMAC length overflow and the padding oracle (CVE-2017-12972, CVE-2017-12973) were fixed in 4.39, so upgrade to 4.39 or later to address all three issues.