|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
The Bouncy Castle Crypto Package For Java
Universal components / Libraries / Libraries used by multiple products
|Vendor||Legion of the Bouncy Castle Inc.|
This security bulletin contains one low risk vulnerability.
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists because the application is susceptible to a chosen ciphertext attack when negotiating an RSA key exchange for any TLS cipher suite. A remote attacker can conduct a man-in-the-middle attack and decrypt HTTPS traffic or impersonate the HTTPS server.
Mitigation
Update to version 1.0.3.
The Bouncy Castle Crypto Package For Java: 1.58
Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware that exploits this vulnerability?