ID:66 - Exploit for Information disclosure in The Bouncy Castle Crypto Package For Java - CVE-2017-13098

 

Published: March 18, 2020


Vulnerability identifier: #VU9750
Vulnerability risk: Low
CVE-ID: CVE-2017-13098
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
The Bouncy Castle Crypto Package For Java

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists because the application is susceptible to a chosen-ciphertext attack when negotiating an RSA key exchange for any TLS cipher suite. A remote attacker can conduct a man-in-the-middle attack and decrypt HTTPS traffic or impersonate the HTTPS server.


Remediation

Update to version 1.0.3.